CVE-2012-5566: XSS
First published: Sat Apr 05 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Kronolith | <=3.0.16 | |
| Horde Kronolith | =3.0 | |
| Horde Kronolith | =3.0-alpha1 | |
| Horde Kronolith | =3.0-beta1 | |
| Horde Kronolith | =3.0-rc1 | |
| Horde Kronolith | =3.0-rc2 | |
| Horde Kronolith | =3.0.1 | |
| Horde Kronolith | =3.0.2 | |
| Horde Kronolith | =3.0.3 | |
| Horde Kronolith | =3.0.4 | |
| Horde Kronolith | =3.0.5 | |
| Horde Kronolith | =3.0.6 | |
| Horde Kronolith | =3.0.7 | |
| Horde Kronolith | =3.0.8 | |
| Horde Kronolith | =3.0.9 | |
| Horde Kronolith | =3.0.10 | |
| Horde Kronolith | =3.0.11 | |
| Horde Kronolith | =3.0.12 | |
| Horde Kronolith | =3.0.13 | |
| Horde Kronolith | =3.0.14 | |
| Horde Kronolith | =3.0.15 | |
| Horde Groupware Webmail Edition | <=4.0.7 | |
| Horde Groupware Webmail Edition | =4.0 | |
| Horde Groupware Webmail Edition | =4.0-rc1 | |
| Horde Groupware Webmail Edition | =4.0-rc2 | |
| Horde Groupware Webmail Edition | =4.0.1 | |
| Horde Groupware Webmail Edition | =4.0.2 | |
| Horde Groupware Webmail Edition | =4.0.3 | |
| Horde Groupware Webmail Edition | =4.0.4 | |
| Horde Groupware Webmail Edition | =4.0.5 | |
| Horde Groupware Webmail Edition | =4.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.horde.org/ticket/11189
- http://git.horde.org/horde-git/-/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
- http://lists.horde.org/archives/announce/2012/000773.html
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00019.html
- http://secunia.com/advisories/51469
- http://securitytracker.com/id?1027106
- http://www.openwall.com/lists/oss-security/2012/11/23/3
- http://www.openwall.com/lists/oss-security/2012/11/23/7
- http://www.osvdb.org/82371
- http://www.osvdb.org/82382
- http://www.securityfocus.com/bid/56541
- https://github.com/horde/horde/blob/master/kronolith/docs/CHANGES
Frequently Asked Questions
What is the severity of CVE-2012-5566?
CVE-2012-5566 has a medium severity level due to the potential for remote code execution through cross-site scripting attacks.
How do I fix CVE-2012-5566?
To fix CVE-2012-5566, upgrade to Horde Kronolith H4 version 3.0.17 or later.
What applications are affected by CVE-2012-5566?
CVE-2012-5566 affects Horde Kronolith Calendar Application H4 versions before 3.0.17 and Horde Groupware Webmail Edition versions before 4.0.8.
What are the exploit vectors for CVE-2012-5566?
The exploit vectors for CVE-2012-5566 include arbitrary web script or HTML injection through the tasks view and search view.
Can CVE-2012-5566 be exploited without authentication?
Yes, CVE-2012-5566 can be exploited by unauthenticated remote attackers.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/horde
- canonical/horde kronolith
- version/horde kronolith/3.0.16
- version/horde kronolith/3.0
- version/horde kronolith/3.0-alpha1
- version/horde kronolith/3.0-beta1
- version/horde kronolith/3.0-rc1
- version/horde kronolith/3.0-rc2
- version/horde kronolith/3.0.1
- version/horde kronolith/3.0.2
- version/horde kronolith/3.0.3
- version/horde kronolith/3.0.4
- version/horde kronolith/3.0.5
- version/horde kronolith/3.0.6
- version/horde kronolith/3.0.7
- version/horde kronolith/3.0.8
- version/horde kronolith/3.0.9
- version/horde kronolith/3.0.10
- version/horde kronolith/3.0.11
- version/horde kronolith/3.0.12
- version/horde kronolith/3.0.13
- version/horde kronolith/3.0.14
- version/horde kronolith/3.0.15
- canonical/horde groupware webmail edition
- version/horde groupware webmail edition/4.0.7
- version/horde groupware webmail edition/4.0
- version/horde groupware webmail edition/4.0-rc1
- version/horde groupware webmail edition/4.0-rc2
- version/horde groupware webmail edition/4.0.1
- version/horde groupware webmail edition/4.0.2
- version/horde groupware webmail edition/4.0.3
- version/horde groupware webmail edition/4.0.4
- version/horde groupware webmail edition/4.0.5
- version/horde groupware webmail edition/4.0.6