Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html
https://www.debian.org/security/2008/dsa-1560
https://exchange.xforce.ibmcloud.com/vulnerabilities/41974
http://www.vupen.com/english/advisories/2008/1373/references
http://www.securitytracker.com/id?1019934
http://www.securityfocus.com/archive/1/491230/100/0/threaded
http://securityreason.com/securityalert/3831
http://secunia.com/advisories/30649
http://secunia.com/advisories/29920
http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html