CVE-2012-6620

Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
hordekronolith_h4
𝑥
≤ 3.0.16
hordekronolith_h4
3.0
hordekronolith_h4
3.0:alpha1
hordekronolith_h4
3.0:beta1
hordekronolith_h4
3.0:rc1
hordekronolith_h4
3.0:rc2
hordekronolith_h4
3.0.1
hordekronolith_h4
3.0.2
hordekronolith_h4
3.0.3
hordekronolith_h4
3.0.4
hordekronolith_h4
3.0.5
hordekronolith_h4
3.0.6
hordekronolith_h4
3.0.7
hordekronolith_h4
3.0.8
hordekronolith_h4
3.0.9
hordekronolith_h4
3.0.10
hordekronolith_h4
3.0.11
hordekronolith_h4
3.0.12
hordekronolith_h4
3.0.13
hordekronolith_h4
3.0.14
hordekronolith_h4
3.0.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php-horde-kronolith
bullseye
4.2.29-2
fixed
sid
4.2.29-3
fixed
bookworm
4.2.29-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php-horde-kronolith
saucy
not-affected
raring
not-affected
quantal
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://bugs.horde.org/ticket/11189
http://lists.horde.org/archives/announce/2012/000766.html
http://secunia.com/advisories/49147
http://www.securityfocus.com/bid/53731
https://exchange.xforce.ibmcloud.com/vulnerabilities/75563
https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
http://bugs.horde.org/ticket/11189
http://lists.horde.org/archives/announce/2012/000766.html
http://secunia.com/advisories/49147
http://www.securityfocus.com/bid/53731
https://exchange.xforce.ibmcloud.com/vulnerabilities/75563
https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2