-
[CVE-2021-31950] Microsoft SharePoint Server - GetXmlDataFromDataSource Server-Side Request Forgery Information Disclosure Vulnerability
Abstract This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the XMLUrlDataAdapter and SoapDataAdapter class. The issue results from the lack of proper validation of the user-supplied URL. An attacker can leverage...
-
[CVE-2021-26929] Horde Groupware Webmail Edition 5.2.22 - Stored XSS in received emails
Abstract The Horde Groupware webmail application performs in-line linking of URLs and emails in text messages before and after the sanitization process. Two input sanitization vulnerabilities that can be exploited to perform stored cross-site scripting (XSS) attacks have been discovered in how Horde Groupware webmail handles URLs and emails in...
-
[CVE-2020-35730] Roundcube 1.4.9 - Stored XSS in received emails
Abstract The Roundcube webmail application performs in-line link references in text messages before and after the sanitization process. An input sanitization vulnerability that can be exploited to perform stored cross-site scripting (XSS) attacks has been discovered in how Roundcube webmail handles link references in text messages. A remote attacker can...
