CVE-2019-12094: XSS
First published: Thu Oct 24 2019(Updated: )
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Groupware | <=5.2.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.horde.org/ticket/14926
- https://cxsecurity.com/issue/WLB-2019050199
- https://numanozdemir.com/respdisc/horde/horde.mp4
- https://numanozdemir.com/respdisc/horde/horde.txt
- https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html
- https://www.exploit-db.com/exploits/46903
Frequently Asked Questions
What is CVE-2019-12094?
CVE-2019-12094 is a vulnerability in Horde Groupware Webmail Edition through 5.2.22 that allows XSS (cross-site scripting) attacks.
How severe is CVE-2019-12094?
CVE-2019-12094 has a severity rating of medium with a CVSS score of 6.1.
What is the affected software of CVE-2019-12094?
The affected software of CVE-2019-12094 is Horde Groupware Webmail Edition up to version 5.2.22.
How can I exploit CVE-2019-12094?
To exploit CVE-2019-12094, an attacker can use the admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI to perform a cross-site scripting attack.
Is there a fix for CVE-2019-12094?
Yes, you should update to a version of Horde Groupware Webmail Edition that is higher than 5.2.22 to fix CVE-2019-12094.
- collector/nvd-index
- vendor/horde
- canonical/horde groupware
- version/horde groupware/5.2.22