CVE-2012-5566 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17 as used in Horde Groupware Webmail Edition before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view.

Reference

http://bugs.horde.org/ticket/11189
http://git.horde.org/horde-git/-/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
http://lists.horde.org/archives/announce/2012/000773.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00019.html
http://secunia.com/advisories/51469
http://securitytracker.com/id?1027106
http://www.openwall.com/lists/oss-security/2012/11/23/3
http://www.openwall.com/lists/oss-security/2012/11/23/7
http://www.osvdb.org/82371
http://www.osvdb.org/82382
http://www.securityfocus.com/bid/56541
https://github.com/horde/horde/blob/master/kronolith/docs/CHANGES
