CVE-2005-4189

Published: 13/12/2005 Updated: 08/03/2011
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 prior to 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) the event title field when deleting events, (3) the Category and (4) Location search fields, and (5) the attendees email address fields when editing event attendees, and possibly other vectors.

Vulnerable Product

horde kronolith h3 2.0.2

horde kronolith h3 2.0.2_rc1

horde kronolith h3 2.0_beta

horde kronolith h3 2.0_rc1

horde kronolith h3 2.0

horde kronolith h3 2.0.1

horde kronolith h3 2.0.5

horde kronolith h3 2.0_alpha

horde kronolith h3 2.0.3

horde kronolith h3 2.0.3_rc1

horde kronolith h3 2.0_rc2

horde kronolith h3 2.0_rc3

horde kronolith h3 2.0.4

horde kronolith h3 2.0.4_rc1

Vendor Advisories

Johannes Greil of SEC Consult discovered several cross-site scripting vulnerabilities in kronolith, the Horde calendar application. The old stable distribution (woody) does not contain kronolith packages. For the stable distribution (sarge) these problems have been fixed in version 114-2sarge1. For the unstable distribution (sid) these problems h ...