Vulnerability Details CVE-2012-6620
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://bugs.horde.org/ticket/11189
- http://lists.horde.org/archives/announce/2012/000766.html
- http://secunia.com/advisories/49147
- http://www.securityfocus.com/bid/53731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75563
- https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
- http://bugs.horde.org/ticket/11189
- http://lists.horde.org/archives/announce/2012/000766.html
- http://secunia.com/advisories/49147
- http://www.securityfocus.com/bid/53731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75563
- https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
Products affected by CVE-2012-6620
-
cpe:2.3:a:horde:kronolith_h4:3.0
-
cpe:2.3:a:horde:kronolith_h4:3.0.1
-
cpe:2.3:a:horde:kronolith_h4:3.0.10
-
cpe:2.3:a:horde:kronolith_h4:3.0.11
-
cpe:2.3:a:horde:kronolith_h4:3.0.12
-
cpe:2.3:a:horde:kronolith_h4:3.0.13
-
cpe:2.3:a:horde:kronolith_h4:3.0.14
-
cpe:2.3:a:horde:kronolith_h4:3.0.15
-
cpe:2.3:a:horde:kronolith_h4:3.0.16
-
cpe:2.3:a:horde:kronolith_h4:3.0.2
-
cpe:2.3:a:horde:kronolith_h4:3.0.3
-
cpe:2.3:a:horde:kronolith_h4:3.0.4
-
cpe:2.3:a:horde:kronolith_h4:3.0.5
-
cpe:2.3:a:horde:kronolith_h4:3.0.6
-
cpe:2.3:a:horde:kronolith_h4:3.0.7
-
cpe:2.3:a:horde:kronolith_h4:3.0.8
-
cpe:2.3:a:horde:kronolith_h4:3.0.9