Debian Php-Horde-Gollem vulnerabilities
2 known vulnerabilities affecting debian/php-horde-gollem.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2020-8034 | MEDIUM | CVSS 6.1 | fixed in php-horde-gollem 3.0.12-6 (bookworm) | 2020
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
Scope: loca
debian
CVE-2017-15235 | HIGH | CVSS 7.5 | PoC | fixed in php-horde-gollem 3.0.12-1 (bookworm) | 2017
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
Scope: local
bookworm: resolved (fixed in 3.0.12-1)
bullseye: resolved (fixed in 3.0.12-1)
sid: resolved (fixed in 3.0.12-1)
debian