Debian Php-Horde-Kronolith vulnerabilities
4 known vulnerabilities affecting debian/php-horde-kronolith.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 4
Vulnerabilities
CVE-2017-16906 | MEDIUM | CVSS 5.4 | fixed in php-horde-kronolith 4.2.24-1 (bookworm) | 2017
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
Scope: local
bookworm: resolved (fixed in 4.2.24-1)
bullseye: resolved (fixed in 4.2.24-1)
sid: resolved (fixed in 4.2.24-1)
CVE-2017-16908 | MEDIUM | CVSS 6.8 | fixed in php-horde-kronolith 4.2.24-1 (bookworm) | 2017
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
Scope: local
bookworm: resolved (fixed in 4.2.24-1)
bullseye: resolved (fixed in 4.2.24-1)
si
CVE-2013-6365 | MEDIUM | CVSS 5.3 | PoC | fixed in php-horde 5.1.5+debian0-1 (bookworm) | 2013
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions.
Scope: local
bookworm: resolved (fixed in 5.1.5+debian0-1)
bullseye: resolved (fixed in 5.1.5+debian0-1)
sid: resolved (fixed in 5.1.5+debian0-1)
CVE-2012-6620 | MEDIUM | CVSS 4.3 | fixed in php-horde-kronolith 4.0.2-1 (bookworm) | 2012
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 4.0.2-1)
bullseye: resolved (fixed in 4.0.2-1)
sid: resolved (fixed in 4.0.2-1)