Vulnerabilites related to horde - kronolith_h3
CVE-2005-4189 (GCVE-0-2005-4189)
Vulnerability from cvelistv5
Published
2005-12-13 11:00
Modified
2024-08-07 23:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18827 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/21609 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html | mailing-list, x_refsource_FULLDISC | |
| http://www.osvdb.org/21608 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/17971 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/15808 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2005/2834 | vdb-entry, x_refsource_VUPEN | |
| http://www.debian.org/security/2006/dsa-970 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.osvdb.org/21611 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/21610 | vdb-entry, x_refsource_OSVDB | |
| http://lists.horde.org/archives/announce/2005/000234.html | mailing-list, x_refsource_MLIST | |
| http://www.sec-consult.com/245.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18827"
},
{
"name": "21609",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21609"
},
{
"name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
},
{
"name": "21608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21608"
},
{
"name": "17971",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17971"
},
{
"name": "15808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2834",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2834"
},
{
"name": "DSA-970",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-970"
},
{
"name": "21611",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21611"
},
{
"name": "21610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21610"
},
{
"name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2005/000234.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sec-consult.com/245.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18827"
},
{
"name": "21609",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21609"
},
{
"name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
},
{
"name": "21608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21608"
},
{
"name": "17971",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17971"
},
{
"name": "15808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2834",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2834"
},
{
"name": "DSA-970",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-970"
},
{
"name": "21611",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21611"
},
{
"name": "21610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21610"
},
{
"name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2005/000234.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sec-consult.com/245.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18827"
},
{
"name": "21609",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21609"
},
{
"name": "20051211 SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
},
{
"name": "21608",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21608"
},
{
"name": "17971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17971"
},
{
"name": "15808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15808"
},
{
"name": "ADV-2005-2834",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2834"
},
{
"name": "DSA-970",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-970"
},
{
"name": "21611",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21611"
},
{
"name": "21610",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21610"
},
{
"name": "[horde-announce] 20051211 Kronolith H3 (2.0.6) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000234.html"
},
{
"name": "http://www.sec-consult.com/245.html",
"refsource": "MISC",
"url": "http://www.sec-consult.com/245.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4189",
"datePublished": "2005-12-13T11:00:00",
"dateReserved": "2005-12-13T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7218 (GCVE-0-2008-7218)
Vulnerability from cvelistv5
Published
2009-09-13 22:00
Modified
2024-08-07 11:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/42775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/42775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "[announce] 20080122 Turba H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"name": "FEDORA-2008-2212",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Horde 3.1.6 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Turba H3 (2.1.6) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"name": "horde-hordeapi-privilege-escalation(39599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"name": "[announce] 20080122 Horde 3.2-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"name": "42775",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/42775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7218",
"datePublished": "2009-09-13T22:00:00",
"dateReserved": "2009-09-13T00:00:00",
"dateUpdated": "2024-08-07T11:56:14.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7219 (GCVE-0-2008-7219)
Vulnerability from cvelistv5
Published
2009-09-13 22:00
Modified
2024-09-17 01:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-13T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "FEDORA-2008-2212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20080122 Kronolith H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"name": "[announce] 20080122 Mnemo H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"name": "[announce] 20080109 Nag H3 (2.1.4) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"name": "27217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27217"
},
{
"name": "[announce] 20080109 Horde Groupware 1.0.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"name": "[announce] 20080206 Horde Groupware 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"name": "FEDORA-2008-2212",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"name": "[announce] 20080109 Mnemo H3 (2.1.2) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"name": "28382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28382"
},
{
"name": "[announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"name": "[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"name": "[announce] 20080109 Kronolith H3 (2.1.7) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"name": "[announce] 20080122 Nag H3 (2.2-RC2)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7219",
"datePublished": "2009-09-13T22:00:00Z",
"dateReserved": "2009-09-13T00:00:00Z",
"dateUpdated": "2024-09-17T01:06:15.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-09-13 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | groupware | 1.0 | |
| horde | groupware | 1.0.1 | |
| horde | groupware | 1.0.2 | |
| horde | groupware | 1.1 | |
| horde | groupware_webmail_edition | 1.0 | |
| horde | groupware_webmail_edition | 1.0.2 | |
| horde | groupware_webmail_edition | 1.0.3 | |
| horde | groupware_webmail_edition | 1.1 | |
| horde | kronolith_h3 | 2.1 | |
| horde | kronolith_h3 | 2.1.1 | |
| horde | kronolith_h3 | 2.1.2 | |
| horde | kronolith_h3 | 2.1.3 | |
| horde | kronolith_h3 | 2.1.4 | |
| horde | kronolith_h3 | 2.1.5 | |
| horde | kronolith_h3 | 2.1.6 | |
| horde | kronolith_h3 | 2.2 | |
| horde | mnemo_h3 | 2.1 | |
| horde | mnemo_h3 | 2.1.1 | |
| horde | mnemo_h3 | 2.2 | |
| horde | nag_h3 | 2.1 | |
| horde | nag_h3 | 2.1.1 | |
| horde | nag_h3 | 2.1.2 | |
| horde | nag_h3 | 2.1.3 | |
| horde | nag_h3 | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71C2653B-7F0B-4628-9E77-44744BC05463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC241F01-B9DF-4D0E-BA3C-3523AEEB6BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B574D428-0A3A-47CA-A926-5C936F83919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A30F59C-D09A-495D-B5E5-E908D913164E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B013D26B-BE67-4131-B320-EF87D19E9C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "664B0D12-607C-4B5F-AC8E-FB1BBD1332E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46ADF628-449A-463E-A459-69FD9DB2ADAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391F88AC-0D1B-4F13-874C-6FD3C6E90CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5E6E0C-7E94-4187-B53B-1BBB73C23EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCD1651-0610-4338-9EA6-343865AA9F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6A557A-EC2D-40AF-88C7-208DB4E8FA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "733B59F3-1648-4875-9A9B-EC3BCA49BCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012BBA79-F969-405E-BBC8-FDC23DE25012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5A06B44D-9448-4C96-BD37-790DA9842BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B67D985-950E-42B5-BA8D-05AE8A3EE3EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:mnemo_h3:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2814A27-E3C4-4A69-8FEB-E4900CD9876D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:mnemo_h3:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CAC140-EA0B-4FFD-B8E7-3295623C6D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:mnemo_h3:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38397885-FDB3-4454-BFBB-2B28173FEC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08307428-AE78-453B-A121-15AEB7049EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "195D72BA-A0A6-4568-BC67-77A44F9E0697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7853DA-0958-401B-83C6-E35FACA4AAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BD1454-1D33-4026-A7F6-ADB358D3DC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "184A2E09-5784-44C4-A5D9-87EA906F86E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "Horde Kronolith H3 v2.1 anterior v2.1.7 y v2.2 anterior v2.2-RC2; Nag H3 v2.1 anterior v2.1.4 y 2.2 anterior v2.2-RC2; Mnemo H3 v2.1 anterior v2.1.2 y H3 2.2 anterior v2.2-RC2; Groupware v1.0 anterior v1.0.3 y v1.1 anterior v1.1-RC2; y Groupware Webmail Edition v1.0 anterior v1.0.4 y v1.1 anterior v1.1-RC2, no valida las propiedades al compartir cambios, con un impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2008-7219",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-13T22:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28382"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-13 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | kronolith_h3 | 2.0 | |
| horde | kronolith_h3 | 2.0.1 | |
| horde | kronolith_h3 | 2.0.2 | |
| horde | kronolith_h3 | 2.0.2_rc1 | |
| horde | kronolith_h3 | 2.0.3 | |
| horde | kronolith_h3 | 2.0.3_rc1 | |
| horde | kronolith_h3 | 2.0.4 | |
| horde | kronolith_h3 | 2.0.4_rc1 | |
| horde | kronolith_h3 | 2.0.5 | |
| horde | kronolith_h3 | 2.0_alpha | |
| horde | kronolith_h3 | 2.0_beta | |
| horde | kronolith_h3 | 2.0_rc1 | |
| horde | kronolith_h3 | 2.0_rc2 | |
| horde | kronolith_h3 | 2.0_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5ECD4DC8-99A0-4CBF-967B-E0A211E3E3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56F7570D-A08C-43AB-8C29-896FC2E41D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2330AF9-4C0D-4E78-9F81-60A0ED2AA5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.2_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9281D64-6465-4D5E-9A14-646AF82CA543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBB69FA-9283-4C8F-8FFA-215859E4FFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D42184BB-1257-41ED-8739-955394B47343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "720BC9E8-0355-4D14-A6E6-DA305CEB0FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.4_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3646B0CC-9B0D-492C-8432-3D869AD420D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "80E1CEB7-043B-46A4-80F0-B45C7A69FEC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "19A1CE51-A02D-4163-8459-E6562DE7FB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0FF6F1-E9ED-4F50-8BDA-75BE13FCCD67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8F4BEF-6997-41A9-9310-B93AFB5A6BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "40F16F92-48EE-4AC4-8877-7FFFAF4AC63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "69EBC070-A27E-4271-B79B-9CAEDAD4F84F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Horde Kronolith H3 anteriores a 2.0.6 permite a usuarios remotos autenticados inyectar \u0027scritp\u0027 web o HTML de su elecci\u00f3n mediante (1) el nombre del campo \"Calendar\" cuanto se crean calendarios, (2) el campo de t\u00edtulo de evento cuando se borran eventos, (3) los campos de b\u00fasqueda \"Category\" y (4) \"Location\", y (5) los campos de direcci\u00f3n de correo electr\u00f3nico de los asistentes cuando se edita asistentes al evento, y posiblemente otros vectores."
}
],
"id": "CVE-2005-4189",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-13T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2005/000234.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17971"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18827"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-970"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/21608"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/21609"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/21610"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/21611"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sec-consult.com/245.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15808"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2005/000234.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/21608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/21609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/21610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/21611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sec-consult.com/245.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-13 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| horde | groupware | 1.0 | |
| horde | groupware | 1.0.1 | |
| horde | groupware | 1.0.2 | |
| horde | groupware | 1.1 | |
| horde | groupware_webmail_edition | 1.0 | |
| horde | groupware_webmail_edition | 1.0.2 | |
| horde | groupware_webmail_edition | 1.0.3 | |
| horde | groupware_webmail_edition | 1.1 | |
| horde | horde | 3.1 | |
| horde | horde | 3.1.1 | |
| horde | horde | 3.1.2 | |
| horde | horde | 3.1.3 | |
| horde | horde | 3.1.4 | |
| horde | horde | 3.1.5 | |
| horde | horde | 3.2 | |
| horde | kronolith_h3 | 2.1 | |
| horde | kronolith_h3 | 2.1.1 | |
| horde | kronolith_h3 | 2.1.2 | |
| horde | kronolith_h3 | 2.1.3 | |
| horde | kronolith_h3 | 2.1.4 | |
| horde | kronolith_h3 | 2.1.5 | |
| horde | kronolith_h3 | 2.1.6 | |
| horde | kronolith_h3 | 2.2 | |
| horde | mnemo_h3 | 2.1 | |
| horde | mnemo_h3 | 2.1.1 | |
| horde | mnemo_h3 | 2.2 | |
| horde | nag_h3 | 2.1 | |
| horde | nag_h3 | 2.1.1 | |
| horde | nag_h3 | 2.1.2 | |
| horde | nag_h3 | 2.1.3 | |
| horde | nag_h3 | 2.2 | |
| horde | turba_h3 | 2.1 | |
| horde | turba_h3 | 2.1.1 | |
| horde | turba_h3 | 2.1.2 | |
| horde | turba_h3 | 2.1.3 | |
| horde | turba_h3 | 2.1.4 | |
| horde | turba_h3 | 2.1.5 | |
| horde | turba_h3 | 2.2 | |
| horde | turba_h3 | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71C2653B-7F0B-4628-9E77-44744BC05463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC241F01-B9DF-4D0E-BA3C-3523AEEB6BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B574D428-0A3A-47CA-A926-5C936F83919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BBB036-494E-41D4-BD04-40906FAB5C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A30F59C-D09A-495D-B5E5-E908D913164E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B013D26B-BE67-4131-B320-EF87D19E9C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "664B0D12-607C-4B5F-AC8E-FB1BBD1332E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46ADF628-449A-463E-A459-69FD9DB2ADAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D589E22C-7F87-43EF-B5FF-DC2B43E5252C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57AD38FB-23DF-406D-8889-E9EB18D22C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35BECCFA-1E18-41ED-882A-5C743D970EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C0285D4F-8CD8-48F9-9D68-A80E8742BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3808FD9-126C-422F-AFE4-4FF6E1366431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "96A4F9E2-7978-4C82-9BD3-B6B73C4918E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "457276C8-6665-48C5-948C-E65E6309C0ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391F88AC-0D1B-4F13-874C-6FD3C6E90CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5E6E0C-7E94-4187-B53B-1BBB73C23EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCD1651-0610-4338-9EA6-343865AA9F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6A557A-EC2D-40AF-88C7-208DB4E8FA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "733B59F3-1648-4875-9A9B-EC3BCA49BCEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012BBA79-F969-405E-BBC8-FDC23DE25012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5A06B44D-9448-4C96-BD37-790DA9842BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:kronolith_h3:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B67D985-950E-42B5-BA8D-05AE8A3EE3EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:mnemo_h3:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2814A27-E3C4-4A69-8FEB-E4900CD9876D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:mnemo_h3:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CAC140-EA0B-4FFD-B8E7-3295623C6D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:mnemo_h3:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38397885-FDB3-4454-BFBB-2B28173FEC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08307428-AE78-453B-A121-15AEB7049EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "195D72BA-A0A6-4568-BC67-77A44F9E0697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7853DA-0958-401B-83C6-E35FACA4AAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BD1454-1D33-4026-A7F6-ADB358D3DC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:nag_h3:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "184A2E09-5784-44C4-A5D9-87EA906F86E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:turba_h3:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD583BAE-8123-40B9-8A68-96725A86EBF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:turba_h3:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9CA86E-B688-495F-8233-69632B56E1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:turba_h3:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56B99A86-A8A6-474E-B54F-9F010FFE7C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:turba_h3:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88F73B3B-DB27-40F9-BCC2-E5ACC10F2A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:turba_h3:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4035BF4B-64F9-4A0D-82D0-99276B8B7010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:turba_h3:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6D808D3F-9332-4667-838C-CD545EDAD37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:turba_h3:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73C0F1DE-D2CB-4FA1-89FA-2C6E0991FDDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:turba_h3:2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6E649CA6-3EBD-40A4-860F-08141F8FB9D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el API de Horde v3.1 anterior a v3.1.6 y v3.2 anterior a v3.2 anterior a v3.2-RC2; Turba H3 v2.1 anterior a v2.1.6 y v2.2 anterior a v2.2-RC2; Kronolith H3 2.1 anterior a v2.1.7 y H3 v2.2 anterior a v2.2-RC2; Nag H3 v2.1 anterior a v2.1.4 y v2.2 anterior a v2.2-RC2; Mnemo H3 v2.1 anterior a v2.1.2 y v2.2 anterior a v2.2-RC2; Horde Groupware v1.0 anterior a v1.0.3 y v1.1 anterior a v1.1-RC2; y Groupware Webmail Edition v1.0 anterior a v1.0.4 y v1.1 anterior a v1.1-RC2; tiene impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2008-7218",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-13T22:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28382"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/42775"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27217"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000360.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.horde.org/archives/announce/2008/000361.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000362.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000363.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000364.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000365.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000366.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000367.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000368.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000369.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000371.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000374.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000376.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.horde.org/archives/announce/2008/000377.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/42775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}