  • [CVE-2021-26929] Horde Groupware Webmail Edition 5.2.22 - Stored XSS in received emails

    Abstract: The Horde Groupware webmail application performs in-line linking of URLs and emails in text messages before and after the sanitization process. Two input sanitization vulnerabilities that can be exploited to perform stored cross-site scripting (XSS) attacks have been discovered in how Horde Groupware webmail handles URLs and emails in...

  • [CVE-2020-35730] Roundcube 1.4.9 - Stored XSS in received emails

    Abstract: The Roundcube webmail application performs in-line link references in text messages before and after the sanitization process. An input sanitization vulnerability that can be exploited to perform stored cross-site scripting (XSS) attacks has been discovered in how Roundcube webmail handles link references in text messages. A remote attacker can...