Horde Gollem vulnerabilities
2 known vulnerabilities affecting horde/gollem.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2020-8034 [MEDIUM] CVSS 6.1, CWE-79, fixed in 3.0.13, 2020-05-18
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
Source: NVD
CVE-2010-3447 [MEDIUM] CVSS 4.3, CWE-79, affected: ≤ 1.1.1, v1.0 and 5 more, 2011-04-04
Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.
Source: NVD