CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-12095

HIGH
8.8
CVSS Severity Score
EPSS Score0.1500%
EPSS Percentile30.34th
Published2019年10月24日
Last Modified2024年11月21日

Vulnerability Description

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.

Affected Platforms (CPE)

📦
Horde

Groupware

<= 5.2.22

References & Advisories

🔗 https://bugs.horde.org/ticket/14926
🔗 https://cxsecurity.com/issue/WLB-2019050199
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/161333
🔗 https://lists.debian.org/debian-lts-announce/2019/12/msg00015.html
🔗 https://numanozdemir.com/respdisc/horde/horde.mp4
🔗 https://numanozdemir.com/respdisc/horde/horde.txt
🔗 https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html
🔗 https://www.exploit-db.com/exploits/46903

相关漏洞威胁

CVE-2008-721810.0

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 ...

CVE-2008-721910.0

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2....

CVE-2005-364010.0

Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute a...

CVE-2019-199079.8

HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by...