CVE-2020-8034
Summary
| CVE | CVE-2020-8034 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-05-18 17:15:00 UTC |
| Updated | 2020-05-31 18:15:00 UTC |
| Description | Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. |
Risk And Classification
Problem Types: CWE-79
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [announce] [SECURITY] Gollem H5 (3.0.13) (final) | MISC | lists.horde.org | Mailing List, Vendor Advisory |
| gollem/CHANGES at 95b2a4212d734f1b27aaa7a221d2fa1370d2631f · horde/gollem · GitHub | CONFIRM | github.com | Release Notes, Third Party Advisory |
| Commits · horde/gollem · GitHub | MISC | github.com | Patch, Third Party Advisory |
| [SECURITY] [DLA 2229-1] php-horde-gollem security update | MLIST | lists.debian.org | |
| [gollem] [SECURITY] Gollem H5 (3.0.13) (final) | CONFIRM | lists.horde.org | Mailing List, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.