Cross-site Scripting Vulnerability in Horde Kronolith and Groupware by Horde
CVE-2008-1974

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
27 April 2008

What is CVE-2008-1974?

A cross-site scripting (XSS) vulnerability exists in the addevent.php file of Horde Kronolith versions 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5. This flaw allows remote attackers to exploit the 'url' parameter, injecting arbitrary web scripts or HTML. Successful exploitation could lead to unauthorized actions being performed on behalf of the victim, data theft, or other malicious outcomes.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.