Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2012-5458 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T21:14:15.603Z
Reserved: 2012-10-24T00:00:00
Link: CVE-2012-5567

No data.

Status : Deferred
Published: 2014-04-05T21:55:06.300
Modified: 2025-04-12T10:46:40.837
Link: CVE-2012-5567

No data.

No data.