9 matches found
CVE-2008-7219
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not valida...
CVE-2008-7219
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not valida...
CVE-2006-6175
Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. dot dot sequence in the view parameter...
CVE-2006-6175
CVE-2006-6175 affects Horde Kronolith (lib/FBView.php) where a raw unfiltered string enables directory traversal with a .. sequence in the view parameter, allowing an authenticated or remote attacker to include arbitrary files and execute PHP code. Affected: Kronolith H3 < 2.0.7 and Kronolith ...
CVE-2005-4189
Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via 1 the Calendar name field when creating calendars, 2 event title field when deleting events, the 3 Category and 4 Location search fields...
CVE-2005-4189
Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via 1 the Calendar name field when creating calendars, 2 event title field when deleting events, the 3 Category and 4 Location search fields...
CVE-2005-4189
CVE-2005-4189 covers multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 prior to 2.0.6. The issue arises from insufficient input sanitisation in several user-controllable fields (Calendar name when creating calendars; event title when deleting events; Category and Location ...
CVE-2005-4189
Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via 1 the Calendar name field when creating calendars, 2 event title field when deleting events, the 3 Category and 4 Location search fields...
kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields
Announce of Kronolith H3 2.0.6 final: This 2.0.6 is a security release that fixes cross site scripting vulnerabilities in several of the calendar name and event data fields. None of the vulnerabilities can be exploited by unauthenticated users; however, we strongly recommend that all users of...