Cross-Site Scripting Vulnerabilities in eGroupWare by eGroupWare
CVE-2004-1467

Currently unrated

Key Information:

Vendor

Egroupware

Status
Egroupware
Vendor
CVE Published:
31 December 2004

What is CVE-2004-1467?

eGroupWare versions 1.0.00.003 and earlier are susceptible to multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML. The vulnerabilities can be exploited through various input fields, including the date or search text field in the calendar module, several parameters in the address module, and the subject fields in both the message and Ticket modules.

References

http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml
vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/11013
vdb-entryx_refsource_BID
http://sourceforge.net/forum/forum.php?forum_id=401807
x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.