Lucene search

[email protected]CVE-2008-2783

HistoryJun 19, 2008 - 8:41 p.m.

CVE-2008-2783

2008-06-1920:41:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2783

cross-site scripting

xss

vulnerabilities

horde groupware

groupware webmail

kronolith

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CPENameOperatorVersion
horde:kronolithhorde kronolitheq*
horde:groupwarehorde groupwareeq*
horde:groupware_webmail_editionhorde groupware webmail editioneq*

CPE	Name	Operator	Version
horde:kronolith	horde kronolith	eq	*
horde:groupware	horde groupware	eq	*
horde:groupware_webmail_edition	horde groupware webmail edition	eq	*

References

www.securityfocus.com/bid/29365

exchange.xforce.ibmcloud.com/vulnerabilities/42640

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.0%

JSON

Related for CVE-2008-2783

prion1 cvelist1 ubuntucve1