CVE-2020-8035 — Cross-site Scripting in Groupware
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 36.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 18
Latest updateMay 24
Description
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7