{"url":"http://public2.vulnerablecode.io/api/packages/516902?format=json","purl":"pkg:deb/debian/php-horde-gollem@3.0.12-3%2Bdeb10u1","type":"deb","namespace":"debian","name":"php-horde-gollem","version":"3.0.12-3+deb10u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.13-5","latest_non_vulnerable_version":"3.0.13-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97909?format=json","vulnerability_id":"VCID-kgx1-naab-xbhp","summary":"Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8034","reference_id":"","reference_type":"","scores":[{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66283","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66342","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66327","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66313","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66332","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961649","reference_id":"961649","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961649"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/670759?format=json","purl":"pkg:deb/debian/php-horde-gollem@3.0.13-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-horde-gollem@3.0.13-5"}],"aliases":["CVE-2020-8034"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgx1-naab-xbhp"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97908?format=json","vulnerability_id":"VCID-a75k-8tbz-fqef","summary":"The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15235","reference_id":"","reference_type":"","scores":[{"value":"0.12693","scoring_system":"epss","scoring_elements":"0.94117","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12693","scoring_system":"epss","scoring_elements":"0.94126","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12693","scoring_system":"epss","scoring_elements":"0.94125","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12693","scoring_system":"epss","scoring_elements":"0.94127","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12693","scoring_system":"epss","scoring_elements":"0.94132","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15235"},{"reference_url":"https://blogs.securiteam.com/index.php/archives/3454","reference_id":"CVE-2017-15235","reference_type":"exploit","scores":[],"url":"https://blogs.securiteam.com/index.php/archives/3454"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44059.md","reference_id":"CVE-2017-15235","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44059.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516902?format=json","purl":"pkg:deb/debian/php-horde-gollem@3.0.12-3%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kgx1-naab-xbhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-horde-gollem@3.0.12-3%252Bdeb10u1"}],"aliases":["CVE-2017-15235"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a75k-8tbz-fqef"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-horde-gollem@3.0.12-3%252Bdeb10u1"}