CVE-2005-4189

Name of the Vulnerable Software and Affected Versions Horde Kronolith H3 versions prior to 2.0.6

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via several fields, including the Calendar name field when creating calendars, event title field when deleting events, Category and Location search fields, and attendees' email address fields when editing event attendees.

Recommendations For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Calendar name field, event title field, Category and Location search fields, and attendees' email address fields to minimize the risk of exploitation. Avoid using these fields until the issue is resolved.