CVE-2012-6620

Kronolith H4 < 3.0.17 - Cross-Site Scripting in Tasks and Search Views

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (6)

Core 6

Core References

Various Sources mailing-list x_refsource_mlist

http://lists.horde.org/archives/announce/2012/000766.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49147

Various Sources x_refsource_misc

http://bugs.horde.org/ticket/11189

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/53731

Exploit, Patch x_refsource_confirm

https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2

View Exploit ZIP pw:eip

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/75563

Scores

EPSS 0.0209

EPSS Percentile 79.2%

Details

CWE

CWE-79

Status published

Products (17)

horde/kronolith_h4 3.0 (5 CPE variants)

horde/kronolith_h4 3.0.1

horde/kronolith_h4 3.0.2

horde/kronolith_h4 3.0.3

horde/kronolith_h4 3.0.4

horde/kronolith_h4 3.0.5

horde/kronolith_h4 3.0.6

horde/kronolith_h4 3.0.7

horde/kronolith_h4 3.0.8

horde/kronolith_h4 3.0.9

... and 7 more

Published Jan 16, 2014

Tracked Since Feb 18, 2026