FKIE_CVE-2005-4189

Vulnerability from fkie_nvd - Published: 2005-12-13 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.htmlVendor Advisory
cve@mitre.orghttp://lists.horde.org/archives/announce/2005/000234.htmlPatch
cve@mitre.orghttp://secunia.com/advisories/17971Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/18827
cve@mitre.orghttp://www.debian.org/security/2006/dsa-970
cve@mitre.orghttp://www.osvdb.org/21608Patch
cve@mitre.orghttp://www.osvdb.org/21609Patch
cve@mitre.orghttp://www.osvdb.org/21610Patch
cve@mitre.orghttp://www.osvdb.org/21611Patch
cve@mitre.orghttp://www.sec-consult.com/245.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/15808Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/2834
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.horde.org/archives/announce/2005/000234.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17971Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18827
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-970
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/21608Patch
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/21609Patch
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/21610Patch
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/21611Patch
af854a3a-2127-422b-91ae-364da2661108http://www.sec-consult.com/245.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15808Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2834
Impacted products
Vendor Product Version
horde kronolith_h3 2.0
horde kronolith_h3 2.0.1
horde kronolith_h3 2.0.2
horde kronolith_h3 2.0.2_rc1
horde kronolith_h3 2.0.3
horde kronolith_h3 2.0.3_rc1
horde kronolith_h3 2.0.4
horde kronolith_h3 2.0.4_rc1
horde kronolith_h3 2.0.5
horde kronolith_h3 2.0_alpha
horde kronolith_h3 2.0_beta
horde kronolith_h3 2.0_rc1
horde kronolith_h3 2.0_rc2
horde kronolith_h3 2.0_rc3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ECD4DC8-99A0-4CBF-967B-E0A211E3E3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F7570D-A08C-43AB-8C29-896FC2E41D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2330AF9-4C0D-4E78-9F81-60A0ED2AA5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.2_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9281D64-6465-4D5E-9A14-646AF82CA543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBB69FA-9283-4C8F-8FFA-215859E4FFDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D42184BB-1257-41ED-8739-955394B47343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "720BC9E8-0355-4D14-A6E6-DA305CEB0FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3646B0CC-9B0D-492C-8432-3D869AD420D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E1CEB7-043B-46A4-80F0-B45C7A69FEC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A1CE51-A02D-4163-8459-E6562DE7FB51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E0FF6F1-E9ED-4F50-8BDA-75BE13FCCD67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B8F4BEF-6997-41A9-9310-B93AFB5A6BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F16F92-48EE-4AC4-8877-7FFFAF4AC63E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "69EBC070-A27E-4271-B79B-9CAEDAD4F84F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Kronolith H3 anteriores a 2.0.6 permite a usuarios remotos autenticados inyectar \u0027scritp\u0027 web o HTML de su elecci\u00f3n mediante (1) el nombre del campo \"Calendar\" cuanto se crean calendarios, (2) el campo de t\u00edtulo de evento cuando se borran eventos, (3) los campos de b\u00fasqueda \"Category\" y (4) \"Location\", y (5) los campos de direcci\u00f3n de correo electr\u00f3nico de los asistentes cuando se edita asistentes al evento, y posiblemente otros vectores."
    }
  ],
  "id": "CVE-2005-4189",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-13T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2005/000234.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17971"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18827"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-970"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/21608"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/21609"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/21610"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/21611"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sec-consult.com/245.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15808"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2005/000234.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/21608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/21609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/21610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/21611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sec-consult.com/245.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2834"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.