CVE Vulnerability

CVE-2008-1974

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://forum.aria-security.com/showthread.php?t=49 Exploit
http://www.securityfocus.com/bid/28898 Exploit
http://secunia.com/advisories/29920 Vendor Advisory
http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html
http://www.securitytracker.com/id?1019934
http://secunia.com/advisories/30649
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html
http://securityreason.com/securityalert/3831
http://osvdb.org/51238
http://www.vupen.com/english/advisories/2008/1373/references
https://www.debian.org/security/2008/dsa-1560
https://exchange.xforce.ibmcloud.com/vulnerabilities/41974
http://www.securityfocus.com/archive/1/491230/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:horde:groupware_webmail_edition:1.0.6:*:*:*:*:*:*:*
Information

Published : 2008-04-27 07:05

Updated : 2018-10-11 08:38

NVD link : CVE-2008-1974

Mitre link : CVE-2008-1974

Products Affected
No products.
CWE
CWE-79