CVE-2008-1974 Information
Description
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7 Groupware Webmail Edition 1.0.6 and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Reference
http://forum.aria-security.com/showthread.php?t=49 http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html http://osvdb.org/51238 http://secunia.com/advisories/29920 http://secunia.com/advisories/30649 http://securityreason.com/securityalert/3831 http://www.securityfocus.com/archive/1/491230/100/0/threaded http://www.securityfocus.com/bid/28898 http://www.securitytracker.com/id?1019934 http://www.vupen.com/english/advisories/2008/1373/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41974 https://www.debian.org/security/2008/dsa-1560 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7 Groupware Webmail Edition 1.0.6 and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Share on: