Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Horde Kronolith多个HTML注入漏洞
Vulnerability Description
Kronolith是美国Horde公司的一套基于Web的日历应用程序,它提供事件跟踪、事项提醒、日历共享等功能。 Kronolith中存在多个HTML注入漏洞,如下: 1) 认证用户可以在名称字段中("Calendar Name")以任意Javascript代码在"My Calendars"目录下创建日历,并将权限更改为系统所有用户都可以访问。如果受害用户点击了"My Calendars"菜单浏览自己的日历,就会出现所有公共的日历,并执行攻击者的脚本代码。 2) 在删除事件时没有正确的验证日历事件的标题字
CVSS Information
N/A
Vulnerability Type
N/A