Reflected Cross-Site Scripting Vulnerability in Horde Groupware Webmail Edition
CVE-2020-8034
6.1 MEDIUM
What is CVE-2020-8034?
A reflected Cross-Site Scripting vulnerability exists in Gollem prior to version 3.0.13, which is used in Horde Groupware Webmail Edition 5.2.22 and other applications. The flaw allows an attacker to craft a malicious URL that, when accessed by a victim, can compromise their webmail session. The vulnerability specifically affects the breadcrumb functionality, which can be manipulated through an HTTP GET parameter. Exploiting this vulnerability could enable unauthorized access to sensitive information within impacted webmail accounts.
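
The following added example is not Gollem's code and is not taken from the advisory; it sketches the general pattern behind a reflected XSS in a breadcrumb trail built from a request parameter, next to a version that encodes each segment for its output context. The parameter name `path`, both function names and the sample value are assumptions made for illustration.

```php
<?php
// Added illustration, not Gollem source. The parameter name "path" and
// both function names are hypothetical.

/** Split a slash-separated path into its non-empty segments. */
function segments(string $path): array
{
    return array_values(array_filter(explode('/', $path), fn($s) => $s !== ''));
}

/** Vulnerable pattern: request data is concatenated into HTML unencoded. */
function breadcrumb_unsafe(string $path): string
{
    $crumbs = [];
    $walk = '';
    foreach (segments($path) as $seg) {
        $walk .= '/' . $seg;
        $crumbs[] = '<a href="?path=' . $walk . '">' . $seg . '</a>';
    }
    return implode(' / ', $crumbs);
}

/** Hardened pattern: encode each segment for the context it lands in. */
function breadcrumb_safe(string $path): string
{
    $crumbs = [];
    $walk = [];
    foreach (segments($path) as $seg) {
        $walk[] = rawurlencode($seg);                    // URL component context
        $href = '?path=/' . implode('/', $walk);
        $crumbs[] = '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
                  . htmlspecialchars($seg, ENT_QUOTES, 'UTF-8') // HTML text context
                  . '</a>';
    }
    return implode(' / ', $crumbs);
}

// Constructed sample standing in for $_GET['path'].
$sample = '/home/docs"><em>markup';

echo "unsafe: ", breadcrumb_unsafe($sample), "\n"; // markup breaks out of the attribute
echo "safe:   ", breadcrumb_safe($sample), "\n";   // same input rendered as inert text
```

In the hardened output the quote and angle brackets appear only as `%22`, `%3E`, `&quot;` and `&lt;`/`&gt;`, so the browser treats the segment as data in both the link target and the link text.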
