Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
forum.aria-security.com/showthread.php?t=49
lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html
osvdb.org/51238
secunia.com/advisories/29920
secunia.com/advisories/30649
securityreason.com/securityalert/3831
www.securityfocus.com/archive/1/491230/100/0/threaded
www.securityfocus.com/bid/28898
www.securitytracker.com/id?1019934
www.vupen.com/english/advisories/2008/1373/references
exchange.xforce.ibmcloud.com/vulnerabilities/41974
www.debian.org/security/2008/dsa-1560
www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html
www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html