This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Horde First view 2011-04-04
Product Gollem Last view 2020-05-18
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:horde:gollem:1.1:*:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0:*:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0:rc2:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0.2:rc1:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0.1:rc1:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.1:rc1:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0.4:*:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0:rc1:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0:beta:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0.3:*:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0.2:*:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0:alpha:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:1.0.1:*:*:*:*:*:*:* 2
cpe:2.3:a:horde:gollem:*:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
6.1 2020-05-18 CVE-2020-8034

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
4.3 2011-04-04 CVE-2010-3447

Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.

CWE : Common Weakness Enumeration

%idName
100% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
68262 Horde Gollem view.php file Parameter XSS

OpenVAS Exploits

id Description
2011-04-11 Name : Horde Gollem 'file' Cross-Site Scripting Vulnerability
File : nvt/gb_horde_gollem_file_xss_vuln.nasl