CVE-2008-1974

Horde Kronolith <2.1.7, Horde Groupware <1.0.6 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1974. PoCs published by Aria-Security Team.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Horde Webmail's Kronolith component. It includes a URL example demonstrating how an attacker could inject malicious script code via the 'url' parameter in the 'addevent.php' page.

Description

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsphp

https://www.exploit-db.com/exploits/31697

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Horde Webmail's Kronolith component. It includes a URL example demonstrating how an attacker could inject malicious script code via the 'url' parameter in the 'addevent.php' page.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Horde Kronolith 2.1.7 (included in Horde Groupware 1.0.5 and Horde Groupware Webmail Edition 1.0.6)

No auth needed

Prerequisites: Access to the vulnerable Kronolith addevent.php page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/51238

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29920

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28898

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30649

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1019934

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/491230/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/41974

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1373/references

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2008/dsa-1560

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3831

Exploit x_refsource_misc

http://forum.aria-security.com/showthread.php?t=49

Various Sources mailing-list x_refsource_mlist

http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html

Scores

EPSS 0.0488

EPSS Percentile 90.9%

Details

CWE

CWE-79

Status published

Products (2)

horde/groupware 1.0.5

horde/groupware_webmail_edition 1.0.6

Published Apr 27, 2008

Tracked Since Feb 18, 2026