{"uuid": "7722be74-d573-43e4-9d99-50a28f90db47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-26929", "type": "seen", "source": "https://t.me/cibsecurity/23577", "content": "\u203c CVE-2021-26929 \u203c\n\nAn XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \\x00\\x00\\x00 and \\x01\\x01\\x01 interferes with XSS defenses.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-14T07:45:11.000000Z"}