CVE-2005-4189

CVE	CVE-2005-4189
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-12-13 11:03:00 UTC
Updated	2011-03-08 02:27:00 UTC
Description	Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.

Problem Types: NVD-CWE-Other

Type	Vendor	Product	Version	Update	Edition	Language
Application	Horde	Kronolith H3	2.0	All	All	All
Application	Horde	Kronolith H3	2.0.1	All	All	All
Application	Horde	Kronolith H3	2.0.2	All	All	All
Application	Horde	Kronolith H3	2.0.2_rc1	All	All	All
Application	Horde	Kronolith H3	2.0.3	All	All	All
Application	Horde	Kronolith H3	2.0.3_rc1	All	All	All
Application	Horde	Kronolith H3	2.0.4	All	All	All
Application	Horde	Kronolith H3	2.0.4_rc1	All	All	All
Application	Horde	Kronolith H3	2.0.5	All	All	All
Application	Horde	Kronolith H3	2.0_alpha	All	All	All
Application	Horde	Kronolith H3	2.0_beta	All	All	All
Application	Horde	Kronolith H3	2.0_rc1	All	All	All
Application	Horde	Kronolith H3	2.0_rc2	All	All	All
Application	Horde	Kronolith H3	2.0_rc3	All	All	All
Application	Horde	Kronolith H3	2.0	All	All	All
Application	Horde	Kronolith H3	2.0.1	All	All	All
Application	Horde	Kronolith H3	2.0.2	All	All	All
Application	Horde	Kronolith H3	2.0.2_rc1	All	All	All
Application	Horde	Kronolith H3	2.0.3	All	All	All
Application	Horde	Kronolith H3	2.0.3_rc1	All	All	All
Application	Horde	Kronolith H3	2.0.4	All	All	All
Application	Horde	Kronolith H3	2.0.4_rc1	All	All	All
Application	Horde	Kronolith H3	2.0.5	All	All	All
Application	Horde	Kronolith H3	2.0_alpha	All	All	All
Application	Horde	Kronolith H3	2.0_beta	All	All	All
Application	Horde	Kronolith H3	2.0_rc1	All	All	All
Application	Horde	Kronolith H3	2.0_rc2	All	All	All
Application	Horde	Kronolith H3	2.0_rc3	All	All	All

Reference	Source	Link	Tags
21608	OSVDB	www.osvdb.org	Patch
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
21610	OSVDB	www.osvdb.org	Patch
404 - Page not found! - SEC Consult	MISC	www.sec-consult.com	Vendor Advisory
Horde Kronolith Multiple HTML Injection Vulnerabilities	BID	www.securityfocus.com	Patch
Debian -- Security Information -- DSA-970-1 kronolith	DEBIAN	www.debian.org
Neohapsis Archives - Full Disclosure List - #0459 - [Full-disclosure] SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook	FULLDISC	archives.neohapsis.com	Vendor Advisory
Debian update for kronolith - Advisories - Secunia	SECUNIA	secunia.com
Secunia - Advisories - Kronolith Script Insertion Vulnerabilities	SECUNIA	secunia.com	Patch, Vendor Advisory
21609	OSVDB	www.osvdb.org	Patch
[announce] Kronolith H3 (2.0.6) (final)	MLIST	lists.horde.org	Patch
21611	OSVDB	www.osvdb.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.