CVE-2012-6620

EUVD-2012-6466
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
hordekronolith_h4
𝑥
≤ 3.0.16
hordekronolith_h4
3.0
hordekronolith_h4
3.0:alpha1
hordekronolith_h4
3.0:beta1
hordekronolith_h4
3.0:rc1
hordekronolith_h4
3.0:rc2
hordekronolith_h4
3.0.1
hordekronolith_h4
3.0.2
hordekronolith_h4
3.0.3
hordekronolith_h4
3.0.4
hordekronolith_h4
3.0.5
hordekronolith_h4
3.0.6
hordekronolith_h4
3.0.7
hordekronolith_h4
3.0.8
hordekronolith_h4
3.0.9
hordekronolith_h4
3.0.10
hordekronolith_h4
3.0.11
hordekronolith_h4
3.0.12
hordekronolith_h4
3.0.13
hordekronolith_h4
3.0.14
hordekronolith_h4
3.0.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php-horde-kronolith
bookworm
4.2.29-3
fixed
bullseye
4.2.29-2
fixed
sid
4.2.29-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php-horde-kronolith
lucid
dne
precise
dne
quantal
dne
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://bugs.horde.org/ticket/11189
http://lists.horde.org/archives/announce/2012/000766.html
http://secunia.com/advisories/49147
http://www.securityfocus.com/bid/53731
https://exchange.xforce.ibmcloud.com/vulnerabilities/75563
https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
http://bugs.horde.org/ticket/11189
http://lists.horde.org/archives/announce/2012/000766.html
http://secunia.com/advisories/49147
http://www.securityfocus.com/bid/53731
https://exchange.xforce.ibmcloud.com/vulnerabilities/75563
https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2