Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5566

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5566
Last Modified 07 Apr 2014 11:59:25
Published 05 Apr 2014 05:55:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5566

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view.

Vulnerable Systems

Application

  • Horde Groupware 4.0

  • Horde Groupware 4.0.1

  • Horde Groupware 4.0.2

  • Horde Groupware 4.0.3

  • Horde Groupware 4.0.4

  • Horde Groupware 4.0.5

  • Horde Groupware 4.0.6

  • Horde Groupware 4.0.7

  • Horde Kronolith H4 3.0

  • Horde Kronolith H4 3.0.1

  • Horde Kronolith H4 3.0.10

  • Horde Kronolith H4 3.0.11

  • Horde Kronolith H4 3.0.12

  • Horde Kronolith H4 3.0.13

  • Horde Kronolith H4 3.0.14

  • Horde Kronolith H4 3.0.15

  • Horde Kronolith H4 3.0.16

  • Horde Kronolith H4 3.0.2

  • Horde Kronolith H4 3.0.3

  • Horde Kronolith H4 3.0.4

  • Horde Kronolith H4 3.0.5

  • Horde Kronolith H4 3.0.6

  • Horde Kronolith H4 3.0.7

  • Horde Kronolith H4 3.0.8

  • Horde Kronolith H4 3.0.9


References

CONFIRM - https://github.com/horde/horde/blob/master/kronolith/docs/CHANGES

BID - 56541

OSVDB - 82382

OSVDB - 82371

MLIST - [oss-security] 20121123 Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws

MLIST - [oss-security] 20121123 CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws

SECTRACK - 1027106

SECUNIA - 51469

SUSE - openSUSE-SU-2012:1625

MLIST - [announce] 20120529 Horde Groupware Webmail Edition 4.0.8 (final)

CONFIRM - http://git.horde.org/horde-git/-/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2

CONFIRM - http://bugs.horde.org/ticket/11189


Last Updated: 27 May 2016 11:04:52