Lucene search
K

9 matches found

NVD
NVD
added 2009/09/13 10:30 p.m.26 views

CVE-2008-7219

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not valida...

10CVSS6.5AI score0.02744EPSS
Exploits0References13
Cvelist
Cvelist
added 2009/09/13 10:0 p.m.29 views

CVE-2008-7219

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not valida...

6.5AI score0.02744EPSS
Exploits0References13
NVD
NVD
added 2006/11/30 4:28 p.m.12 views

CVE-2006-6175

Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. dot dot sequence in the view parameter...

7.5CVSS7.1AI score0.02244EPSS
Exploits0References9
CVE
CVE
added 2006/11/30 4:0 p.m.48 views

CVE-2006-6175

CVE-2006-6175 affects Horde Kronolith (lib/FBView.php) where a raw unfiltered string enables directory traversal with a .. sequence in the view parameter, allowing an authenticated or remote attacker to include arbitrary files and execute PHP code. Affected: Kronolith H3 < 2.0.7 and Kronolith ...

7.5CVSS7.2AI score0.02244EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2005/12/13 11:3 a.m.21 views

CVE-2005-4189

Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via 1 the Calendar name field when creating calendars, 2 event title field when deleting events, the 3 Category and 4 Location search fields...

3.5CVSS5.4AI score0.01432EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2005/12/13 11:3 a.m.14 views

CVE-2005-4189

Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via 1 the Calendar name field when creating calendars, 2 event title field when deleting events, the 3 Category and 4 Location search fields...

3.5CVSS6AI score0.01432EPSS
Exploits0References1
CVE
CVE
added 2005/12/13 11:0 a.m.57 views

CVE-2005-4189

CVE-2005-4189 covers multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 prior to 2.0.6. The issue arises from insufficient input sanitisation in several user-controllable fields (Calendar name when creating calendars; event title when deleting events; Category and Location ...

3.5CVSS5.4AI score0.01432EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
added 2005/12/13 11:0 a.m.27 views

CVE-2005-4189

Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via 1 the Calendar name field when creating calendars, 2 event title field when deleting events, the 3 Category and 4 Location search fields...

5.4AI score0.01432EPSS
Exploits0References12
FreeBSD
FreeBSD
added 2005/12/11 12:0 a.m.9 views

kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields

Announce of Kronolith H3 2.0.6 final: This 2.0.6 is a security release that fixes cross site scripting vulnerabilities in several of the calendar name and event data fields. None of the vulnerabilities can be exploited by unauthenticated users; however, we strongly recommend that all users of...

2AI score
Exploits0References1
Rows per page
Query Builder