PT-2020-19931 · Gollem
Published 2020-05-18 · Updated 2020-05-31 · CVE-2020-8034
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Gollem versions prior to 3.0.13
Description
Gollem, the file manager of the Horde webmail suite, is affected by a reflected Cross-Site Scripting (XSS) vulnerability in versions prior to 3.0.13. The value of the dir parameter in an HTTP GET request to the file-browser view is written into the breadcrumb (directory path) output without adequate output encoding, so HTML and script carried in the URL are rendered in the victim's browser. An attacker who lures an authenticated user into opening a crafted URL can execute script in the context of the webmail application and thereby obtain access to the victim's webmail account, for example by stealing session data or performing actions as the logged-in user. The CVSS vector reflects this: network reachable, no privileges required, but user interaction (following the link) is needed, and the impact lands in the user's browser session (changed scope).
Recommendations
Update to Gollem 3.0.13 or later; this is the only complete fix. Until the update is applied, consider restricting access to the file-browser functionality (for example, disabling the Gollem application), and treat links into the file browser whose dir parameter carries unexpected characters such as <, >, quotes or encoded equivalents as suspicious. Filtering such values at a reverse proxy or WAF is a mitigation only, not a substitute for the patch, since encoding variants may bypass a naive filter.
Fix
XSS
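The breadcrumb injection described above, as an added example written for this page in Python rather than Gollem's own PHP (it is a stand-in, not the project's code): a vulnerable breadcrumb renderer that writes the dir value into the HTML raw, beside a hardened one that HTML-escapes the link text and percent-encodes the href, plus a small check that a request log or WAF could apply to dir values. The payload, the example URL and all function names are constructed for illustration.

```python
"""Reflected XSS via a file-browser 'dir' parameter: vulnerable vs. hardened breadcrumb output.

Stand-in for the Gollem breadcrumb rendering; not Gollem's code. All names and the
sample URL are constructed for this example.
"""
from __future__ import annotations

import html
import urllib.parse

# Constructed attack value: a directory name that carries an HTML injection.
INJECTED_TAG = "<img src=x onerror=alert(document.cookie)>"
ATTACK_DIR = "/home/user/" + INJECTED_TAG


def breadcrumb_segments(dir_param: str) -> list[tuple[str, str]]:
    """Split a dir value into (label, cumulative path) pairs, one per breadcrumb link."""
    segments = []
    path = ""
    for part in (p for p in dir_param.split("/") if p):
        path += "/" + part
        segments.append((part, path))
    return segments


def render_breadcrumbs_vulnerable(dir_param: str) -> str:
    """Vulnerable pattern: user-controlled text and href are interpolated without encoding."""
    links = [
        f'<a href="?dir={path}">{label}</a>'
        for label, path in breadcrumb_segments(dir_param)
    ]
    return " / ".join(links)


def render_breadcrumbs_safe(dir_param: str) -> str:
    """Hardened pattern: percent-encode the URL value, HTML-escape everything placed in markup."""
    links = []
    for label, path in breadcrumb_segments(dir_param):
        href = "?dir=" + urllib.parse.quote(path, safe="/")
        links.append(
            f'<a href="{html.escape(href, quote=True)}">{html.escape(label, quote=True)}</a>'
        )
    return " / ".join(links)


def reflects_payload(rendered: str, payload: str = INJECTED_TAG) -> bool:
    """True when the raw payload survives into the page, i.e. the script would execute."""
    return payload in rendered


def flag_suspicious_dir(url: str) -> bool:
    """Detection aid for access logs or a WAF rule: does any dir value carry HTML metacharacters?

    parse_qs percent-decodes once; a second unquote catches double-encoded values.
    This is a mitigation/triage helper only, not a replacement for the upstream fix.
    """
    query = urllib.parse.urlparse(url).query
    for value in urllib.parse.parse_qs(query).get("dir", []):
        decoded = urllib.parse.unquote(value)
        if any(ch in decoded for ch in "<>\"'"):
            return True
    return False


if __name__ == "__main__":
    print("vulnerable:", render_breadcrumbs_vulnerable(ATTACK_DIR))
    print("hardened:  ", render_breadcrumbs_safe(ATTACK_DIR))
```

The vulnerable renderer emits the injected tag twice (inside the href attribute and as link text); the hardened one turns it into `&lt;img ...&gt;` and `%3Cimg%20...`, so the browser displays the directory name instead of executing it. Escaping has to be applied at the point where data is written into HTML, per context (text vs. attribute vs. URL), which is why the two encoding steps differ.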
Weakness Enumeration
Related Identifiers
Affected Products
Gollem