CVE-2020-7918 — CVSS 5.4 (medium): An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail…
CVE-2018-15513 — CVSS 5.3 (medium): Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor…