CVE-2020-8034

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:horde:gollem:*:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware:5.2.22:*:*:*:webmail:*:*:*

Information

Published : 2020-05-18 10:15

Updated : 2020-05-31 11:15


NVD link : CVE-2020-8034

Mitre link : CVE-2020-8034


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

horde

  • gollem
  • groupware