VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 5, 2014· Updated May 6, 2026

CVE-2012-5567

CVE-2012-5567

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks.

Affected products

33
  • Horde (software)/Groupware11 versions
    cpe:2.3:a:horde:groupware:4.0.1:*:webamail:*:*:*:*:*+ 10 more
    • cpe:2.3:a:horde:groupware:4.0.1:*:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0.2:*:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0.3:*:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0.4:*:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0.5:*:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0.6:*:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0.7:*:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0:rc1:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0:rc2:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:4.0:*:webamail:*:*:*:*:*
    • cpe:2.3:a:horde:groupware:*:*:webamail:*:*:*:*:*range: <=4.0.8
  • Horde (software)/Kronolith H422 versions
    cpe:2.3:a:horde:kronolith_h4:*:*:*:*:*:*:*:*+ 21 more
    • cpe:2.3:a:horde:kronolith_h4:*:*:*:*:*:*:*:*range: <=3.0.17
    • cpe:2.3:a:horde:kronolith_h4:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0:rc2:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

11

News mentions

0

No linked articles in our index yet.