CVE-2005-4189: XSS
First published: Tue Dec 13 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Kronolith | =2.0 | |
| Horde Kronolith | =2.0.1 | |
| Horde Kronolith | =2.0.2 | |
| Horde Kronolith | =2.0.2_rc1 | |
| Horde Kronolith | =2.0.3 | |
| Horde Kronolith | =2.0.3_rc1 | |
| Horde Kronolith | =2.0.4 | |
| Horde Kronolith | =2.0.4_rc1 | |
| Horde Kronolith | =2.0.5 | |
| Horde Kronolith | =2.0_alpha | |
| Horde Kronolith | =2.0_beta | |
| Horde Kronolith | =2.0_rc1 | |
| Horde Kronolith | =2.0_rc2 | |
| Horde Kronolith | =2.0_rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.horde.org/archives/announce/2005/000234.html
- http://www.sec-consult.com/245.html
- http://secunia.com/advisories/17971
- http://www.securityfocus.com/bid/15808
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html
- http://www.osvdb.org/21608
- http://www.osvdb.org/21609
- http://www.osvdb.org/21610
- http://www.osvdb.org/21611
- http://www.debian.org/security/2006/dsa-970
- http://secunia.com/advisories/18827
- http://www.vupen.com/english/advisories/2005/2834
Frequently Asked Questions
What is the severity of CVE-2005-4189?
CVE-2005-4189 has a moderate severity level due to its potential for cross-site scripting attacks.
How do I fix CVE-2005-4189?
To fix CVE-2005-4189, update your Horde Kronolith H3 to version 2.0.6 or later.
Which versions of Horde Kronolith H3 are affected by CVE-2005-4189?
CVE-2005-4189 affects Horde Kronolith H3 versions 2.0 through 2.0.5, including all release candidates.
What types of vulnerabilities are present in CVE-2005-4189?
CVE-2005-4189 contains multiple cross-site scripting (XSS) vulnerabilities.
Can CVE-2005-4189 be exploited by unauthenticated users?
No, CVE-2005-4189 requires remote authenticated users to exploit the vulnerabilities.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/horde
- canonical/horde kronolith
- version/horde kronolith/2.0
- version/horde kronolith/2.0.1
- version/horde kronolith/2.0.2
- version/horde kronolith/2.0.2_rc1
- version/horde kronolith/2.0.3
- version/horde kronolith/2.0.3_rc1
- version/horde kronolith/2.0.4
- version/horde kronolith/2.0.4_rc1
- version/horde kronolith/2.0.5
- version/horde kronolith/2.0_alpha
- version/horde kronolith/2.0_beta
- version/horde kronolith/2.0_rc1
- version/horde kronolith/2.0_rc2
- version/horde kronolith/2.0_rc3