Stored Cross-Site Scripting Vulnerability in Horde Groupware Webmail Edition
CVE-2020-8035

6.1MEDIUM

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
18 May 2020

What is CVE-2020-8035?

The image view functionality in Horde Groupware Webmail Edition prior to version 5.2.22 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue arises when users upload SVG images containing malicious JavaScript payloads. If an attacker tricks a victim into loading a crafted URL, they can gain unauthorized access to the victim's webmail account, potentially compromising sensitive information and leading to further exploitation.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.