CVE-2012-6620: XSS
First published: Thu Jan 16 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Kronolith | <=3.0.16 | |
| Horde Kronolith | =3.0 | |
| Horde Kronolith | =3.0-alpha1 | |
| Horde Kronolith | =3.0-beta1 | |
| Horde Kronolith | =3.0-rc1 | |
| Horde Kronolith | =3.0-rc2 | |
| Horde Kronolith | =3.0.1 | |
| Horde Kronolith | =3.0.2 | |
| Horde Kronolith | =3.0.3 | |
| Horde Kronolith | =3.0.4 | |
| Horde Kronolith | =3.0.5 | |
| Horde Kronolith | =3.0.6 | |
| Horde Kronolith | =3.0.7 | |
| Horde Kronolith | =3.0.8 | |
| Horde Kronolith | =3.0.9 | |
| Horde Kronolith | =3.0.10 | |
| Horde Kronolith | =3.0.11 | |
| Horde Kronolith | =3.0.12 | |
| Horde Kronolith | =3.0.13 | |
| Horde Kronolith | =3.0.14 | |
| Horde Kronolith | =3.0.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.horde.org/ticket/11189
- http://lists.horde.org/archives/announce/2012/000766.html
- http://secunia.com/advisories/49147
- http://www.securityfocus.com/bid/53731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75563
- https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
Frequently Asked Questions
What is the severity of CVE-2012-6620?
CVE-2012-6620 is classified as a moderate severity vulnerability affecting multiple versions of Horde Kronolith H4.
How do I fix CVE-2012-6620?
To fix CVE-2012-6620, you need to update Horde Kronolith H4 to version 3.0.17 or later.
What kind of vulnerabilities are associated with CVE-2012-6620?
CVE-2012-6620 involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML.
Which versions of Horde Kronolith H4 are affected by CVE-2012-6620?
CVE-2012-6620 affects all versions of Horde Kronolith H4 prior to 3.0.17.
Can CVE-2012-6620 lead to data breaches?
Yes, CVE-2012-6620 can potentially lead to data breaches by allowing attackers to execute malicious scripts in the context of users' sessions.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/horde
- canonical/horde kronolith
- version/horde kronolith/3.0.16
- version/horde kronolith/3.0
- version/horde kronolith/3.0-alpha1
- version/horde kronolith/3.0-beta1
- version/horde kronolith/3.0-rc1
- version/horde kronolith/3.0-rc2
- version/horde kronolith/3.0.1
- version/horde kronolith/3.0.2
- version/horde kronolith/3.0.3
- version/horde kronolith/3.0.4
- version/horde kronolith/3.0.5
- version/horde kronolith/3.0.6
- version/horde kronolith/3.0.7
- version/horde kronolith/3.0.8
- version/horde kronolith/3.0.9
- version/horde kronolith/3.0.10
- version/horde kronolith/3.0.11
- version/horde kronolith/3.0.12
- version/horde kronolith/3.0.13
- version/horde kronolith/3.0.14
- version/horde kronolith/3.0.15