Cross-site Scripting Vulnerability in Horde Kronolith and Groupware by Horde
CVE-2008-1974
Currently unrated
Key Information:
- Vendor
Horde
- Vendor
- CVE Published:
- 27 April 2008
What is CVE-2008-1974?
A cross-site scripting (XSS) vulnerability exists in the addevent.php file of Horde Kronolith versions 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5. This flaw allows remote attackers to exploit the 'url' parameter, injecting arbitrary web scripts or HTML. Successful exploitation could lead to unauthorized actions being performed on behalf of the victim, data theft, or other malicious outcomes.
