← volver
CVE-2008-1974

CVE-2008-1974

EPSS 4.9%
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/31697no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://forum.aria-security.com/showthread.php?t=49http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.htmlhttp://osvdb.org/51238http://secunia.com/advisories/29920http://secunia.com/advisories/30649http://securityreason.com/securityalert/3831https://exchange.xforce.ibmcloud.com/vulnerabilities/41974https://www.debian.org/security/2008/dsa-1560https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.htmlhttp://www.securityfocus.com/archive/1/491230/100/0/threadedhttp://www.securityfocus.com/bid/28898