XSS in Horde Kronolith_h4
CVE-2012-6620
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (61.5th percentile) — read the EPSS interpretation.
Affected products
- Horde Kronolith_h4 — versions 3.0, 3.0.1, 3.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- 49147 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (x_refsource_MISC)
- 53731 (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)
- [announce] 20120514 Kronolith H4 (3.0.17) (final) (mailing-list, x_refsource_MLIST)
- kronolith-kronolith-xss(75563) (vdb-entry, x_refsource_XF)