https://www.securityfocus.com/bid/88762
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-016

HordeKronolithmodule1.1.4之前的版本中存在跨站点脚本(XSS)漏洞，允许远程攻击者通过父对象的框架页标题来注入任意Web脚本或HTML。

Horde Project Kronolith 1.1.3

来源:SECUNIA
名称:15080
链接:http://secunia.com/advisories/15080
来源:MLIST
名称:[kronolith]20050422Kronolith1.1.4(final)
链接:http://lists.horde.org/archives/kronolith/Week-of-Mon-20050418/005347.html
来源:cvs.horde.org
链接:http://cvs.horde.org/diff.php/kronolith/docs/CHANGES?r1=1.69.2.39&r2;=1.69.2.41&ty;=h