CVE-2020-8034: XSS
First published: Mon May 18 2020(Updated: )
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Gollem | <3.0.13 | |
| Horde Groupware | =5.2.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/horde/gollem/blob/95b2a4212d734f1b27aaa7a221d2fa1370d2631f/docs/CHANGES
- https://github.com/horde/gollem/commits/master
- https://lists.debian.org/debian-lts-announce/2020/05/msg00033.html
- https://lists.horde.org/archives/announce/2020/001289.html
- https://lists.horde.org/archives/gollem/Week-of-Mon-20200420/001990.html
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-8034.
What is the severity of CVE-2020-8034?
The severity of CVE-2020-8034 is medium.
Which software versions are affected by CVE-2020-8034?
Gollem before version 3.0.13 and Horde Groupware Webmail Edition 5.2.22 are affected by this vulnerability.
What is the CWE ID of CVE-2020-8034?
The CWE ID of CVE-2020-8034 is CWE-79.
How can I fix CVE-2020-8034?
To fix CVE-2020-8034, you should update to version 3.0.13 or higher of Gollem and version 5.2.23 or higher of Horde Groupware Webmail Edition.
- collector/nvd-index
- vendor/horde
- canonical/horde gollem
- canonical/horde groupware
- version/horde groupware/5.2.22