CVE-2012-5567 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18 as used in Horde Groupware Webmail Edition before 4.0.9 allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month (2) monthlist or (3) prevmonthlist fields related to portal blocks.
Reference
http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e http://lists.horde.org/archives/announce/2012/000836.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00019.html http://secunia.com/advisories/51233 http://secunia.com/advisories/51469 http://www.openwall.com/lists/oss-security/2012/11/23/3 http://www.openwall.com/lists/oss-security/2012/11/23/7 http://www.osvdb.org/87345 http://www.securityfocus.com/bid/56541 https://bugzilla.redhat.com/show_bug.cgi?id=879684 https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES
Share on: