Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Horde | Kronolith H4 | <= 3.0.16 |
Related Weaknesses (CWE)
References
- http://bugs.horde.org/ticket/11189
- http://lists.horde.org/archives/announce/2012/000766.html
- http://secunia.com/advisories/49147 (Vendor Advisory)
- http://www.securityfocus.com/bid/53731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75563
- https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2 (Exploit, Patch)
FAQ
What is CVE-2012-6620?
CVE-2012-6620 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecif...
How severe is CVE-2012-6620?
CVE-2012-6620 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-6620?
Check the references section above for vendor advisories and patch information. Affected products include: Horde Kronolith H4.