4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
87.1%
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
forum.aria-security.com/showthread.php?t=49
lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html
osvdb.org/51238
secunia.com/advisories/29920
secunia.com/advisories/30649
securityreason.com/securityalert/3831
www.securityfocus.com/archive/1/491230/100/0/threaded
www.securityfocus.com/bid/28898
www.securitytracker.com/id?1019934
www.vupen.com/english/advisories/2008/1373/references
exchange.xforce.ibmcloud.com/vulnerabilities/41974
www.debian.org/security/2008/dsa-1560
www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html
www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html