CVE-2020-10122

cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files SEC-547...

CVE-2020-8034

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting XSS vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webma...

Cross site scripting

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...

GLSA-200506-19 : SquirrelMail: Several XSS vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200506-19 SquirrelMail: Several XSS vulnerabilities SquirrelMail is vulnerable to several cross-site scripting issues, most reported by Martijn Brinkers. Impact : By enticing a user to read a specially crafted e-mail or using a...