CVE-2005-4189

Name: CVE-2005-4189
Creator: NVD / NIST
Published: 2005-12-13T11:03:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.43%

Last modified Jun 16, 2026

CVE-2005-4189 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.. EPSS estimates a 1.43% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.

Metrics

EPSS Probability

1.43%

69.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Horde	Kronolith H3	2.0
Horde	Kronolith H3	2.0.1
Horde	Kronolith H3	2.0.2
Horde	Kronolith H3	2.0.2_rc1
Horde	Kronolith H3	2.0.3
Horde	Kronolith H3	2.0.3_rc1
Horde	Kronolith H3	2.0.4
Horde	Kronolith H3	2.0.4_rc1
Horde	Kronolith H3	2.0.5
Horde	Kronolith H3	2.0_alpha
Horde	Kronolith H3	2.0_beta
Horde	Kronolith H3	2.0_rc1
Horde	Kronolith H3	2.0_rc2
Horde	Kronolith H3	2.0_rc3

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.htmlVendor Advisory
http://lists.horde.org/archives/announce/2005/000234.htmlPatch
http://secunia.com/advisories/17971Patch, Vendor Advisory
http://secunia.com/advisories/18827
http://www.debian.org/security/2006/dsa-970
http://www.osvdb.org/21608Patch
http://www.osvdb.org/21609Patch
http://www.osvdb.org/21610Patch
http://www.osvdb.org/21611Patch
http://www.sec-consult.com/245.htmlVendor Advisory
http://www.securityfocus.com/bid/15808Patch
http://www.vupen.com/english/advisories/2005/2834
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0459.htmlVendor Advisory
http://lists.horde.org/archives/announce/2005/000234.htmlPatch
http://secunia.com/advisories/17971Patch, Vendor Advisory
http://secunia.com/advisories/18827
http://www.debian.org/security/2006/dsa-970
http://www.osvdb.org/21608Patch
http://www.osvdb.org/21609Patch
http://www.osvdb.org/21610Patch
http://www.osvdb.org/21611Patch
http://www.sec-consult.com/245.htmlVendor Advisory
http://www.securityfocus.com/bid/15808Patch
http://www.vupen.com/english/advisories/2005/2834

Timeline

Published: Dec 13, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-4189?

How severe is CVE-2005-4189?

Severity scoring for CVE-2005-4189 is pending analysis. The EPSS model estimates a 1.43% probability of exploitation in the next 30 days.

How do I fix CVE-2005-4189?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-4189?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST