Red Hat Bugzilla – Bug 444400
CVE-2008-1974 kronolith: XSS in addevent.php
Last modified: 2016-03-04 05:59:25 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1974 to the following vulnerability:
Cross-site scripting (XSS) vulnerability in addevent.php in Horde
Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5
allows remote attackers to inject arbitrary web script or HTML via the
Created attachment 303946 [details]
Upstream released version 3.1.8 to address this flaw. This seems to be the
relevant part of the diff between 3.1.7 and 3.1.8.
Builds are done here:
Can somebody request a release?
Freeze break for Fedora 9 has been requested. Might not be approved due to zero
kronolith-2.1.8-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
kronolith-2.1.8-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: