V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2012-5566
DEB
Medium

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware We…

CVSS
4.3
Medium
EPSS
0.02
p82
Published
2012-01-01
Updated
2012-01-01
Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.17, as used in Horde Groupware Webmail Edition before 4.0.8, allow remote attackers to inject arbitrary web script or HTML via the (1) tasks view or (2) search view.

Tags · CWE
XSS
CWE-79
CAPEC-63
CAPEC-85
CAPEC-209
CAPEC-588
CAPEC-591
CAPEC-592
Affected products
Groupware ≤ 4.0.7Groupware
CVSS vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Timeline
2012-01-01
Published
2012-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: P
Partial
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.024 · p82
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
kronolith2Tracked
kronolith2Tracked
groupware*Tracked
kronolith_h4*Tracked
Source databases
DEB
CVE
UBU