VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jan 16, 2014· Updated Apr 29, 2026

CVE-2012-6620

CVE-2012-6620

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products

21
  • Horde (software)/Kronolith H421 versions
    cpe:2.3:a:horde:kronolith_h4:*:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:horde:kronolith_h4:*:*:*:*:*:*:*:*range: <=3.0.16
    • cpe:2.3:a:horde:kronolith_h4:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:horde:kronolith_h4:3.0:rc2:*:*:*:*:*:*

Patches

1
1228a6825a8d
https://github.com/horde/hordevia nvd-ref
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.