Lucene search

[email protected]CVE-2012-5567

HistoryApr 05, 2014 - 9:55 p.m.

CVE-2012-5567

2014-04-0521:55:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-5567

cross-site scripting

xss vulnerabilities

horde kronolith calendar

webmail

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.

Affected configurations

NVD

Node

hordegroupwareRange≤4.0.8webamail

hordegroupwareMatch4.0webamail

hordegroupwareMatch4.0rc1webamail

hordegroupwareMatch4.0rc2webamail

hordegroupwareMatch4.0.1webamail

hordegroupwareMatch4.0.2webamail

hordegroupwareMatch4.0.3webamail

hordegroupwareMatch4.0.4webamail

hordegroupwareMatch4.0.5webamail

hordegroupwareMatch4.0.6webamail

hordegroupwareMatch4.0.7webamail

Node

hordekronolith_h4Range≤3.0.17

hordekronolith_h4Match3.0

hordekronolith_h4Match3.0alpha1

hordekronolith_h4Match3.0beta1

hordekronolith_h4Match3.0rc1

hordekronolith_h4Match3.0rc2

hordekronolith_h4Match3.0.1

hordekronolith_h4Match3.0.2

hordekronolith_h4Match3.0.3

hordekronolith_h4Match3.0.4

hordekronolith_h4Match3.0.5

hordekronolith_h4Match3.0.6

hordekronolith_h4Match3.0.7

hordekronolith_h4Match3.0.8

hordekronolith_h4Match3.0.9

hordekronolith_h4Match3.0.10

hordekronolith_h4Match3.0.11

hordekronolith_h4Match3.0.12

hordekronolith_h4Match3.0.13

hordekronolith_h4Match3.0.14

hordekronolith_h4Match3.0.15

hordekronolith_h4Match3.0.16

CPENameOperatorVersion
horde:groupwarehorde groupwarele4.0.8
horde:groupwarehorde groupwareeq4.0
horde:groupwarehorde groupwareeq4.0.1
horde:groupwarehorde groupwareeq4.0.2
horde:groupwarehorde groupwareeq4.0.3
horde:groupwarehorde groupwareeq4.0.4
horde:groupwarehorde groupwareeq4.0.5
horde:groupwarehorde groupwareeq4.0.6
horde:groupwarehorde groupwareeq4.0.7

CPE	Name	Operator	Version
horde:groupware	horde groupware	le	4.0.8
horde:groupware	horde groupware	eq	4.0
horde:groupware	horde groupware	eq	4.0.1
horde:groupware	horde groupware	eq	4.0.2
horde:groupware	horde groupware	eq	4.0.3
horde:groupware	horde groupware	eq	4.0.4
horde:groupware	horde groupware	eq	4.0.5
horde:groupware	horde groupware	eq	4.0.6
horde:groupware	horde groupware	eq	4.0.7

References

git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e

lists.horde.org/archives/announce/2012/000836.html

lists.opensuse.org/opensuse-updates/2012-12/msg00019.html

secunia.com/advisories/51233

secunia.com/advisories/51469

www.openwall.com/lists/oss-security/2012/11/23/3

www.openwall.com/lists/oss-security/2012/11/23/7

www.osvdb.org/87345

www.securityfocus.com/bid/56541

bugzilla.redhat.com/show_bug.cgi?id=879684

github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

Related for CVE-2012-5567

ubuntucve1 cvelist1 prion1 nvd1 nessus1