Gollem before 3.0.13 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability


Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. 


The information has been provided by Jan Schneider.

The original article can be found at: https://lists.horde.org/archives/announce/2020/001289.html


An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL.
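
The flaw class described above (the dir request parameter reaching breadcrumb HTML without neutralization) is shown here as an added PHP example; it is not Gollem's code and is not taken from the advisory. The function names, the browse.php link target and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration, not Gollem source. Function names and the
// browse.php?dir= link target are hypothetical.
/** Split a directory path into [label, cumulative path] pairs. */
function breadcrumb_parts(string $dir): array
{
    $parts = [];
    $path = '';
    foreach (explode('/', trim($dir, '/')) as $segment) {
        if ($segment === '') {
            continue;
        }
        $path .= '/' . $segment;
        $parts[] = [$segment, $path];
    }
    return $parts;
}

/** Vulnerable pattern: request data concatenated straight into HTML. */
function breadcrumb_unsafe(string $dir): string
{
    $out = [];
    foreach (breadcrumb_parts($dir) as [$label, $path]) {
        $out[] = '<a href="browse.php?dir=' . $path . '">' . $label . '</a>';
    }
    return implode(' / ', $out);
}

/** HTML-escape for element text and quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: encode for each output context. */
function breadcrumb_safe(string $dir): string
{
    $out = [];
    foreach (breadcrumb_parts($dir) as [$label, $path]) {
        // URL-encode the query value, then HTML-escape the attribute.
        $href = 'browse.php?dir=' . rawurlencode($path);
        $out[] = '<a href="' . h($href) . '">' . h($label) . '</a>';
    }
    return implode(' / ', $out);
}

// Constructed input standing in for $_GET['dir'].
$dir = '/home/docs"><u>marker';
echo breadcrumb_unsafe($dir), "\n", breadcrumb_safe($dir), "\n";
```

With the constructed input, the first output line lets the quote and angle bracket close the href attribute and start a new element, while the second renders the same bytes as inert text and a percent-encoded query value.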


Vulnerable Systems:

Gollem before 3.0.13


CVE Information:



Disclosure Timeline:
Published Date: 5/18/2020
