CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Horde: >> Gollem >> 2.0.0 Security Vulnerabilities

CVE-2020-8034

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.

CVSS Score

6.1

EPSS Score

0.005

Published

2020-05-18

Page 1

Vulnerabilities

Vulnerable Software

Horde: >> Gollem >> 2.0.0 Security Vulnerabilities

Products

Pricing

Contact Us