QwikSec

Security Database

CVE

CWE

Training

CVE-2012-5567

Published: Apr 5, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES

x_refsource_CONFIRM

openSUSE-SU-2012:1625

vendor-advisory

x_refsource_SUSE

[oss-security] 20121123 CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws

mailing-list

x_refsource_MLIST

[oss-security] 20121123 Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

[announce] 20121114 Kronolith H4 (3.0.18) (final)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=879684

x_refsource_CONFIRM

http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.