CVEs-PoC/2019/CVE-2019-12095.md at 2ef066380cb36dba2e454190ca2349fcff6ca2df

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-27 02:02:23 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.

POC

Reference

https://bugs.horde.org/ticket/14926
https://cxsecurity.com/issue/WLB-2019050199
https://packetstormsecurity.com/files/152975/Horde-Webmail-5.2.22-XSS-CSRF-SQL-Injection-Code-Execution.html
https://www.exploit-db.com/exploits/46903

Github

No PoCs found on GitHub currently.

932 B Raw Blame History

CVE-2019-12095

Description

POC

Reference

Github

932 B

Raw Blame History