Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Horde应用程序框架'Xss.php'跨站脚本攻击漏洞
Vulnerability Description
Horde应用程序框架, Horde Groupware,以及Horde Groupware Webmail Edition中的Text_Filter/lib/Horde/Text/Filter/Xss.php不能正确处理数据: URIs,远程攻击者可以借助一个HTML邮件信息中的一个A元素的HREF属性的:text/html数据值导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A