Stored Cross-Site Scripting Vulnerability in Horde Groupware Webmail Edition
CVE-2020-8035
6.1MEDIUM
What is CVE-2020-8035?
The image view functionality in Horde Groupware Webmail Edition prior to version 5.2.22 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue arises when users upload SVG images containing malicious JavaScript payloads. If an attacker tricks a victim into loading a crafted URL, they can gain unauthorized access to the victim's webmail account, potentially compromising sensitive information and leading to further exploitation.
