
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN109
_____________________________________________________________________

DATE                : 19/02/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Horde_Text_Filter library versions
                                      prior to 2.3.7.

=====================================================================
https://lists.horde.org/archives/announce/2021/001298.html
_____________________________________________________________________

Hello,

An XSS vulnerability has been found in the Horde_Text_Filter library.
This library is utilized by the Horde webmail application (IMP) for
tasks such as making hyperlinks clickable in plain text email. This
vulnerability leads to the ability of an attacker to craft a malicious
email that can execute arbitrary JavaScript code in the context of the
webmail application. All that is required of the user is to display
the malicious email.

This vulnerability has been patched in version 2.3.7 of the
Horde_Text_Filter library and everybody is advised to upgrade to
Horde_Text_Filter 2.3.7 as soon as possible.

This vulnerability was reported to us by Alex Birnberg
<birnbergalex at gmail.com>.




-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
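
To check a host against the fixed release named above, the following added example (not part of the Horde announcement or the CERT-Renater note) reads a package listing and reports whether Horde_Text_Filter is older than 2.3.7. It assumes a "Package Version State" column layout such as `pear list -c horde` prints; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Horde_Text_Filter installs older than the fixed release.
PACKAGE="Horde_Text_Filter"
FIXED_VERSION="2.3.7"        # fixed version stated in the advisory

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Missing components count as 0; a suffix such as "RC1" is ignored.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1    # equal versions are not lower
    }'
}

# check_listing: read "Package Version State" lines on stdin (assumed layout)
# and print VULNERABLE <ver>, PATCHED <ver> or NOT_FOUND.
check_listing() {
    installed=$(awk -v pkg="$PACKAGE" \
        'tolower($1) == tolower(pkg) { print $2; exit }')
    if [ -z "$installed" ]; then
        echo "NOT_FOUND"
    elif version_lt "$installed" "$FIXED_VERSION"; then
        echo "VULNERABLE $installed"
    else
        echo "PATCHED $installed"
    fi
}

# Constructed sample listing; the versions shown are illustrative only.
sample_listing() {
    cat <<'EOF'
Installed packages, channel pear.horde.org:
===========================================
Package            Version State
Horde_Text_Flowed  2.0.4   stable
Horde_Text_Filter  2.3.6   stable
Horde_Util         2.5.9   stable
EOF
}

sample_listing | check_listing
```

On a real host, pipe the actual package listing into `check_listing` instead of `sample_listing`.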



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


