Unrated severityNVD Advisory· Published Apr 27, 2008· Updated Apr 23, 2026

CVE-2008-1974

Description

Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Affected products

Horde (software)/Groupware
cpe:2.3:a:horde:groupware:1.0.5:*:*:*:*:*:*:*
Horde (software)/Groupware Webmail Edition
cpe:2.3:a:horde:groupware_webmail_edition:1.0.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forum.aria-security.com/showthread.phpnvdExploit
www.securityfocus.com/bid/28898nvdExploit
secunia.com/advisories/29920nvdVendor Advisory
lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.htmlnvd
osvdb.org/51238nvd
secunia.com/advisories/30649nvd
securityreason.com/securityalert/3831nvd
www.securityfocus.com/archive/1/491230/100/0/threadednvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2008/1373/referencesnvd
exchange.xforce.ibmcloud.com/vulnerabilities/41974nvd
www.debian.org/security/2008/dsa-1560nvd
www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000