CVE-2021-26929

NameCVE-2021-26929
DescriptionAn XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2564-1
NVD severitymedium
Debian Bugs982769

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php-horde-text-filter (PTS)stretch2.3.5-1vulnerable
stretch (security)2.3.5-1+deb9u1fixed
buster2.3.5-3+deb10u2fixed
bullseye, sid2.3.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php-horde-text-filtersourcestretch2.3.5-1+deb9u1DLA-2564-1
php-horde-text-filtersourcebuster2.3.5-3+deb10u2
php-horde-text-filtersource(unstable)2.3.7-1982769

Notes

https://lists.horde.org/archives/announce/2021/001298.html
https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master)
https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7)
https://www.alexbirnberg.com/horde-xss.html

Search for package or bug name: Reporting problems