CVE-2005-4189 — Cross-site Scripting in Kronolith H3

2 documents2 sources

Severity

3.5LOWNVD

EPSS

1.1%

top 21.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Horde Kronolith H3

Timeline

PublishedDec 13

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDhorde/kronolith_h314 versions+13

Patches

Patch: lists.horde.org ↗Patch: secunia.com ↗Patch: www.osvdb.org ↗

🔴Vulnerability Details

GHSA

GHSA-872c-p5hc-3585: Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2↗2022-05-01

▶