V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2008-2783
DEB
MediumConfirmedExploit available

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to …

CVSS
4.3
Medium
EPSS
0.02
p70
Published
2008-01-01
Updated
2008-01-01
Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Tags · CWE
XSS
CWE-79
CAPEC-63
CAPEC-85
CAPEC-209
CAPEC-588
CAPEC-591
CAPEC-592
Affected products
GroupwareGroupware_webmail_editionKronolith
CVSS vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Timeline
2008-01-01
Published
2008-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: P
Partial
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.015 · p70
Known exploited (KEV)
No
Known exploits — Сканер-ВС
31838
exploitdb · https://www.exploit-db.com/exploits/31838
Enterprise
31839
exploitdb · https://www.exploit-db.com/exploits/31839
Enterprise
31840
exploitdb · https://www.exploit-db.com/exploits/31840
Enterprise
Affected products
ProductVendorStatus
horde3Tracked
horde3Tracked
kronolith2Tracked
kronolith2Tracked
groupware*Tracked
groupware_webmail_edition*Tracked
kronolith*Tracked
Source databases
DEB
CVE
UBU