Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-4189 | First vendor Publication | 2005-12-13 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 3.5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4189 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 970-1 (kronolith) File : nvt/deb_970_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 21611 | Horde Kronolith Calendar Edit Permission Function XSS Kronolith contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'title' variables upon submission to the edit permission script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 21610 | Horde Kronolith Calendar Search Function Multiple Method XSS Kronolith contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'category' and 'location' variables upon submission to the calendar search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 21609 | Horde Kronolith Calendar Event Manipulation XSS Kronolith contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'delete events' and 'edit attendees' variables upon submission to the edit calendar script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 21608 | Horde Kronolith Calendar Multiple Field XSS Kronolith contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate calendar name variables upon submission to the view calendar script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-970.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:21:29 |
|
| 2024-11-28 12:07:51 |
|
| 2021-05-04 12:03:25 |
|
| 2021-04-22 01:03:43 |
|
| 2020-05-23 00:17:06 |
|
| 2016-06-28 15:28:15 |
|
| 2016-04-26 14:02:34 |
|
| 2014-02-17 10:33:51 |
|
| 2013-05-11 11:36:51 |
|
