Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1974

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1974
Last Modified 07 Mar 2011 10:08:31
Published 27 Apr 2008 03:05:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1974

Summary

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Vulnerable Systems

Application

  • Horde Groupware 1.0.5

  • Horde Groupware Webmail Edition 1.0.6


References

FEDORA - FEDORA-2008-3460

FEDORA - FEDORA-2008-3543

XF - horde-webmail-addevent-xss(41974)

VUPEN - ADV-2008-1373

BID - 28898

BUGTRAQ - 20080422 Horde Webmail XSS [Aria-Security]

SREASON - 3831

SECUNIA - 30649

SECUNIA - 29920

OSVDB - 51238

MISC - http://forum.aria-security.com/showthread.php?t=49

SECTRACK - 1019934

MLIST - [kronolith] 20080427 Kronolith H3 (2.1.8) (final)

DEBIAN - DSA-1560


Last Updated: 27 May 2016 10:47:42