Gollem before 3.0.13 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output.
The information has been provided by Jan Schneider
The original article can be found at:https://lists.horde.org/archives/announce/2020/001289.html
An attacker can obtain access to a victim’s webmail account by making them visit a malicious URL.
Gollem before 3.0.13