Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5567

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5567
Last Modified 07 Apr 2014 11:32:22
Published 05 Apr 2014 05:55:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5567

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.

Vulnerable Systems

Application

  • Horde Groupware 4.0

  • Horde Groupware 4.0.1

  • Horde Groupware 4.0.2

  • Horde Groupware 4.0.3

  • Horde Groupware 4.0.4

  • Horde Groupware 4.0.5

  • Horde Groupware 4.0.6

  • Horde Groupware 4.0.7

  • Horde Groupware 4.0.8

  • Horde Kronolith H4 3.0

  • Horde Kronolith H4 3.0.1

  • Horde Kronolith H4 3.0.10

  • Horde Kronolith H4 3.0.11

  • Horde Kronolith H4 3.0.12

  • Horde Kronolith H4 3.0.13

  • Horde Kronolith H4 3.0.14

  • Horde Kronolith H4 3.0.15

  • Horde Kronolith H4 3.0.16

  • Horde Kronolith H4 3.0.17

  • Horde Kronolith H4 3.0.2

  • Horde Kronolith H4 3.0.3

  • Horde Kronolith H4 3.0.4

  • Horde Kronolith H4 3.0.5

  • Horde Kronolith H4 3.0.6

  • Horde Kronolith H4 3.0.7

  • Horde Kronolith H4 3.0.8

  • Horde Kronolith H4 3.0.9


References

CONFIRM - https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=879684

BID - 56541

OSVDB - 87345

MLIST - [oss-security] 20121123 Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws

MLIST - [oss-security] 20121123 CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws

SECUNIA - 51469

SECUNIA - 51233

SUSE - openSUSE-SU-2012:1625

MLIST - [announce] 20121114 Kronolith H4 (3.0.18) (final)

CONFIRM - http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e


Last Updated: 27 May 2016 11:04:52