- [CVE-2021-26929] Horde Groupware Webmail Edition 5.2.22 - Stored XSS in received emails
  Abstract: The Horde Groupware webmail application performs in-line linking of URLs and emails in text messages before and after the sanitization process. Two input sanitization vulnerabilities that can be exploited to perform stored cross-site scripting (XSS) attacks have been discovered in how Horde Groupware webmail handles URLs and emails in...
- [CVE-2020-35730] Roundcube 1.4.9 - Stored XSS in received emails
  Abstract: The Roundcube webmail application performs in-line link references in text messages before and after the sanitization process. An input sanitization vulnerability that can be exploited to perform stored cross-site scripting (XSS) attacks has been discovered in how Roundcube webmail handles link references in text messages. A remote attacker can...