PT-2020-19932 · Horde · Horde Groupware Webmail Edition

Polict

Published

2020-05-18

Updated

2020-06-01

CVE-2020-8035

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Horde Groupware Webmail Edition versions prior to 5.2.22

Description The image view functionality is affected by a stored Cross-Site Scripting (XSS) issue via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.

Recommendations For versions prior to 5.2.22, update to version 5.2.22 or later to resolve the issue. As a temporary workaround, consider restricting the upload of SVG images to prevent potential exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-8035

DLA-2230-1

Affected Products

Horde Groupware Webmail Edition

PT-2020-19932 · Horde · Horde Groupware Webmail Edition

CVE-2020-8035

Weakness Enumeration

Related Identifiers

Affected Products

References · 12