CVE-2020-8034
PUBLISHED
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
Risk Scores
EPSS Score: 0.50% (66.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | php-horde-gollem | 0, 3.0.11-1, 3.0.12-1 |
| Ubuntu:16.04:LTS | php-horde-gollem | 0, 3.0.5-1, 3.0.6-1 |
Exploit Intelligence
- https://github.com/horde/gollem/commits/master (circl)
- https://lists.horde.org/archives/gollem/Week-of-Mon-20200420/001990.html (circl)
- https://github.com/horde/gollem/blob/95b2a4212d734f1b27aaa7a221d2fa1370d2631f/docs/CHANGES (circl)
- https://lists.horde.org/archives/announce/2020/001289.html (circl)
- [debian-lts-announce] 20200531 [SECURITY] [DLA 2229-1] php-horde-gollem security update (circl)
Timeline
- May 18, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8034 third-party-advisory
- https://lists.horde.org/archives/announce/2020/001289.html third-party-advisory
- https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8034 third-party-advisory