V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2008-1974
DEB
MediumConfirmedExploit available

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 all…

CVSS
4.3
Medium
EPSS
0.05
p90
Published
2008-01-01
Updated
2008-01-01
Description

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Tags · CWE
XSS
CWE-79
CAPEC-63
CAPEC-85
CAPEC-209
CAPEC-588
CAPEC-591
CAPEC-592
Affected products
GroupwareGroupware_webmail_edition
CVSS vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Timeline
2008-01-01
Published
2008-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: P
Partial
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.049 · p90
Known exploited (KEV)
No
Known exploits — Сканер-ВС
31697
exploitdb · https://www.exploit-db.com/exploits/31697
Enterprise
Affected products
ProductVendorStatus
kronolith2Tracked
kronolith2Tracked
groupware*Tracked
groupware_webmail_edition*Tracked
Source databases
DEB
CVE
UBU