CVE-2012-5567
Published 2014-04-05
Priority P420 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.44% (82.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| horde | groupware | <= 4.0.8 | — |
| horde | groupware | — | — |
| horde | groupware | — | — |
| horde | groupware | — | — |
| horde | groupware | — | — |
| horde | groupware | — | — |
| horde | groupware | — | — |
| horde | groupware | — | — |
| horde | groupware | — | — |
| horde | kronolith_h4 | <= 3.0.17 | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
| horde | kronolith_h4 | — | — |
VulDB
Horde Groupware up to 4.0.8 Portal Blocks cross site scripting (Nessus ID 74830 / ID 165847)
vuldb·2026-05-09·CVSS 4.3
A vulnerability marked as problematic has been reported in Horde Groupware up to 4.0.8. The affected element is an unknown function of the component Portal Blocks. The manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2012-5567. Remote exploitation of the attack is possible. No exploit is available.
It is suggested to upgrade the affected component.
GHSA
GHSA-6v37-hg26-pvmr: Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3
ghsa_unreviewed·2022-05-17
CVE-2012-5567 [MEDIUM] CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-5567 kronolith: Multiple XSS flaws in the portal blocks
bugzilla·2012-11-23·CVSS 4.3
A cross-site scripting (XSS) flaw was found in the way Kronolith, the Horde calendar application, sanitized content of certain event location parameters passed to month, monthlist and prevmonthlist application fields. A remote attacker could provide a specially-crafted URL that, when visited, would lead to arbitrary HTML or webscript execution.
References:
[1] http://lists.horde.org/archives/announce/2012/000836.html
[2] https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES
Relevant upstream patch:
[3] http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e
Discussion:
These issues affect the versions of kronolith package, as shipped with Fedora releas
Bugzilla
CVE-2012-5567 kronolith: Multiple XSS flaws in the portal blocks [epel-all]
bugzilla·2012-11-23·CVSS 4.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue
Bugzilla
CVE-2012-5567 kronolith: Multiple XSS flaws in the portal blocks [fedora-all]
bugzilla·2012-11-23·CVSS 4.3
References
http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e
http://lists.horde.org/archives/announce/2012/000836.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00019.html
http://secunia.com/advisories/51233
http://secunia.com/advisories/51469
http://www.openwall.com/lists/oss-security/2012/11/23/3
http://www.openwall.com/lists/oss-security/2012/11/23/7
http://www.osvdb.org/87345
http://www.securityfocus.com/bid/56541
https://bugzilla.redhat.com/show_bug.cgi?id=879684
https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES