Summary
Detail | | | |
---|---|---|---|
Vendor | Horde | First view | 2011-04-04 |
Product | Gollem | Last view | 2020-05-18 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
6.1 | 2020-05-18 | CVE-2020-8034 | Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. |
4.3 | 2011-04-04 | CVE-2010-3447 | Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
68262 | Horde Gollem view.php file Parameter XSS |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-11 | Name: Horde Gollem 'file' Cross-Site Scripting Vulnerability; File: nvt/gb_horde_gollem_file_xss_vuln.nasl |