CVE-2012-5567

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
hordegroupware
𝑥
≤ 4.0.8
hordegroupware
4.0
hordegroupware
4.0:rc1
hordegroupware
4.0:rc2
hordegroupware
4.0.1
hordegroupware
4.0.2
hordegroupware
4.0.3
hordegroupware
4.0.4
hordegroupware
4.0.5
hordegroupware
4.0.6
hordegroupware
4.0.7
hordekronolith_h4
𝑥
≤ 3.0.17
hordekronolith_h4
3.0
hordekronolith_h4
3.0:alpha1
hordekronolith_h4
3.0:beta1
hordekronolith_h4
3.0:rc1
hordekronolith_h4
3.0:rc2
hordekronolith_h4
3.0.1
hordekronolith_h4
3.0.2
hordekronolith_h4
3.0.3
hordekronolith_h4
3.0.4
hordekronolith_h4
3.0.5
hordekronolith_h4
3.0.6
hordekronolith_h4
3.0.7
hordekronolith_h4
3.0.8
hordekronolith_h4
3.0.9
hordekronolith_h4
3.0.10
hordekronolith_h4
3.0.11
hordekronolith_h4
3.0.12
hordekronolith_h4
3.0.13
hordekronolith_h4
3.0.14
hordekronolith_h4
3.0.15
hordekronolith_h4
3.0.16
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kronolith2
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
dne
raring
dne
quantal
dne
precise
ignored
oneiric
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e
http://lists.horde.org/archives/announce/2012/000836.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00019.html
http://secunia.com/advisories/51233
http://secunia.com/advisories/51469
http://www.openwall.com/lists/oss-security/2012/11/23/3
http://www.openwall.com/lists/oss-security/2012/11/23/7
http://www.osvdb.org/87345
http://www.securityfocus.com/bid/56541
https://bugzilla.redhat.com/show_bug.cgi?id=879684
https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES
http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e
http://lists.horde.org/archives/announce/2012/000836.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00019.html
http://secunia.com/advisories/51233
http://secunia.com/advisories/51469
http://www.openwall.com/lists/oss-security/2012/11/23/3
http://www.openwall.com/lists/oss-security/2012/11/23/7
http://www.osvdb.org/87345
http://www.securityfocus.com/bid/56541
https://bugzilla.redhat.com/show_bug.cgi?id=879684
https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES