oss-sec mailing list archives

CVE request: horde-kronolith-2.1.7 XSS in addevent.php


From: Matt Fleming <mattjfleming () googlemail com>
Date: Sun, 27 Apr 2008 12:59:45 +0100

Hi guys,

kronolith-2.1.7 is vulnerable to a cross-site scripting attack because
input passed to the "url" parameter in the file addevent.php is not
properly sanitized.

Can you please assign a CVE id?

http://forum.aria-security.com/showthread.php?t=49
https://bugs.gentoo.org/show_bug.cgi?id=219304
http://secunia.com/advisories/29920/

Thanks,
Matt