CVE-2020-8034 -- php-horde-gollemID: oval:org.secpod.oval:def:2004044 | Date: (C)2020-10-08 (M)2021-06-02 |
Class: VULNERABILITY | Family: unix |
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim"s webmail account by making them visit a malicious URL.
Platform: |
Debian 10.x |
Debian 9.x |