CVE-2012-5566

Horde Kronolith Calendar Application H4 <3.0.17 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view.

References (12)

Scores

EPSS 0.0065
EPSS Percentile 70.6%

Details

CWE
CWE-79
Status published
Products (32)
horde/kronolith_h4 < 3.0.16
horde/kronolith_h4
horde/kronolith_h4
horde/kronolith_h4
horde/kronolith_h4
horde/kronolith_h4
horde/kronolith_h4
horde/kronolith_h4
horde/kronolith_h4
horde/kronolith_h4
... and 22 more
Published Apr 05, 2014
Tracked Since Feb 18, 2026