Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 prior to 3.0.18, as used in Horde Groupware Webmail Edition prior to 4.0.9, allow remote malicious users to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
horde groupware 4.0 |
||
horde groupware 4.0.3 |
||
horde groupware 4.0.1 |
||
horde groupware |
||
horde groupware 4.0.7 |
||
horde groupware 4.0.6 |
||
horde groupware 4.0.5 |
||
horde groupware 4.0.4 |
||
horde groupware 4.0.2 |
||
horde kronolith h4 3.0.16 |
||
horde kronolith h4 |
||
horde kronolith h4 3.0.2 |
||
horde kronolith h4 3.0.3 |
||
horde kronolith h4 3.0.4 |
||
horde kronolith h4 3.0 |
||
horde kronolith h4 3.0.13 |
||
horde kronolith h4 3.0.15 |
||
horde kronolith h4 3.0.6 |
||
horde kronolith h4 3.0.8 |
||
horde kronolith h4 3.0.1 |
||
horde kronolith h4 3.0.10 |
||
horde kronolith h4 3.0.11 |
||
horde kronolith h4 3.0.9 |
||
horde kronolith h4 3.0.12 |
||
horde kronolith h4 3.0.14 |
||
horde kronolith h4 3.0.5 |
||
horde kronolith h4 3.0.7 |
Vulmon