Reflected Cross-Site Scripting Vulnerability in Horde Groupware Webmail Edition
CVE-2020-8034

6.1 MEDIUM

Key Information:

Vendor: Horde
CVE Published: 18 May 2020

What is CVE-2020-8034?

A reflected Cross-Site Scripting vulnerability exists in Gollem prior to version 3.0.13, which is used in Horde Groupware Webmail Edition 5.2.22 and other applications. This flaw allows an attacker to craft a malicious URL that, when accessed by a victim, can compromise their webmail session. The vulnerability affects the breadcrumb functionality, whose output can be manipulated through an HTTP GET parameter. Exploiting it could enable unauthorized access to sensitive information within impacted webmail accounts.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
