CVE-2008-1974

Horde Kronolith <2.1.7, Horde Groupware <1.0.6 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsphp

https://www.exploit-db.com/exploits/31697

View Code ZIP pw:eip

References (14)

[Exploit] http://forum.aria-security.com/showthread.php?t=49

[Various Sources] http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html

[Vendor Advisory] http://secunia.com/advisories/29920

[Exploit] http://www.securityfocus.com/bid/28898

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/491230/100/0/threaded

[Third Party Advisory] https://www.debian.org/security/2008/dsa-1560

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41974

[Third Party Advisory, VDB Entry] http://osvdb.org/51238

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019934

[Third Party Advisory] http://secunia.com/advisories/30649

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1373/references

[Third Party Advisory] http://securityreason.com/securityalert/3831

Scores

EPSS 0.0215

EPSS Percentile 84.0%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

horde/groupware

horde/groupware_webmail_edition

Timeline

Published Apr 27, 2008

Tracked Since Feb 18, 2026