Vulnonym.org

CVE-2008-1974 - Exultant Persons

Description

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7 Groupware Webmail Edition 1.0.6 and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Reference

http://forum.aria-security.com/showthread.php?t=49 http://www.securityfocus.com/bid/28898 http://secunia.com/advisories/29920 http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html http://www.securitytracker.com/id?1019934 http://secunia.com/advisories/30649 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html http://securityreason.com/securityalert/3831 http://osvdb.org/51238 http://www.vupen.com/english/advisories/2008/1373/references https://www.debian.org/security/2008/dsa-1560 https://exchange.xforce.ibmcloud.com/vulnerabilities/41974 http://www.securityfocus.com/archive/1/491230/100/0/threaded Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7 Groupware Webmail Edition 1.0.6 and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.