CVE-2012-6620 — Cross-site Scripting in Php-horde-kronolith

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Php-horde-kronolith Horde Kronolith H4

Timeline

PublishedJan 16

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/php-horde-kronolith< php-horde-kronolith 4.0.2-1 (bookworm)

▶NVDhorde/kronolith_h43.0.16+16

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2hg8-4q64-3p6w: Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3↗2022-05-17

▶

OSV

CVE-2012-6620: Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3↗2014-01-16

▶

📋Vendor Advisories

Debian

CVE-2012-6620: php-horde-kronolith - Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) sea...↗2012

▶