SecuriTeam Secure Disclosure
Horde Groupware is a free, enterprise-ready, browser-based collaboration suite. Users can manage and share calendars, contacts, tasks, notes, files, and bookmarks with the standards-compliant components from the Horde Project. Horde Groupware bundles the separately available applications Kronolith, Turba, Nag, Mnemo, Gollem, and Trean.
A vulnerability in the way Horde Groupware handles directory contents allows an authenticated attacker to inject an XSS payload into directories and files, so that other users become victims of the attacker's code execution via the sharing option.
The first step to recreate the vulnerability is to create a file or folder under the Files Application option, and then select the ‘rename’ option:
Then instead of the regular filename, place something like:
At this point the attack is local, affecting only the current user. To extend it to any user viewing the shared files and folders that Horde provides, the user just needs to ‘Share’ it:
Horde has issued a patch, announced as "[SECURITY] Horde Groupware Webmail Edition 5.2.10 (final)", which addresses this vulnerability.
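The class of defect described above, shown as an added example that is not Horde's code and not part of the advisory: a file listing that writes a user-chosen name into HTML unescaped, beside a version that encodes it for each output context. The function names, the `/files/view?name=` URL layout and the sample names are assumptions made for illustration.

```php
<?php
// Added illustration; not Horde/Gollem code. Function names and the URL
// layout (/files/view?name=...) are hypothetical.

// Escape a user-controlled value for an HTML text node or quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the stored name is concatenated into markup as-is, so markup
// typed into the rename box is parsed by the browser of everyone who
// opens the shared folder.
function renderEntryUnsafe(string $name): string
{
    return '<li><a href="/files/view?name=' . $name . '">' . $name . '</a></li>';
}

// "After": URL-encode the name for the query string, then HTML-escape
// both the attribute value and the link text.
function renderEntrySafe(string $name): string
{
    $href = '/files/view?name=' . rawurlencode($name);
    return '<li><a href="' . h($href) . '">' . h($name) . '</a></li>';
}

// Defence in depth at rename time: reject names that cannot be legitimate
// file names. This does not replace output escaping, because a name made
// only of printable characters can still contain markup.
function isAcceptableName(string $name): bool
{
    if ($name === '' || $name === '.' || $name === '..' || strlen($name) > 255) {
        return false;
    }
    // No path separators or control characters; /u also rejects invalid UTF-8.
    return preg_match('/^[^\/\\\\\x00-\x1F\x7F]+$/u', $name) === 1;
}

// Constructed sample names; the second carries harmless markup and quotes.
$names = ['report.txt', '<b>q3 "draft".txt'];
foreach ($names as $name) {
    echo 'passes rename check: ', var_export(isAcceptableName($name), true), PHP_EOL;
    echo 'unsafe: ', renderEntryUnsafe($name), PHP_EOL;
    echo 'safe:   ', renderEntrySafe($name), PHP_EOL;
}
```

Both sample names pass the rename check, which is why the encoding has to happen wherever the name is written into a page, including the views other users see after a share.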