Horde Kronolith H4 vulnerabilities

3 known vulnerabilities affecting horde/kronolith_h4.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2012-5566MEDIUMCVSS 4.3≤ 3.0.16v3.0+15 more2014-04-05

CVE-2012-5566 [MEDIUM] CWE-79 CVE-2012-5566: Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 befor Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view.

CVE-2012-5567MEDIUMCVSS 4.3≤ 3.0.17v3.0+16 more2014-04-05

CVE-2012-5567 [MEDIUM] CWE-79 CVE-2012-5567: Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 befor Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.

CVE-2012-6620MEDIUMCVSS 4.3≤ 3.0.16v3.0+15 more2014-01-16

CVE-2012-6620 [MEDIUM] CWE-79 CVE-2012-6620: Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde K Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.