Cross-Site Scripting Vulnerabilities in eGroupWare by Interaktive
CVE-2007-5091

Currently unrated

Key Information:

Vendor: Egroupware
Status: Egroupware
Vendor: CVE Published:; 26 September 2007

What is CVE-2007-5091?

Multiple cross-site scripting (XSS) vulnerabilities exist in eGroupWare 1.4.001, allowing remote attackers to inject arbitrary web scripts or HTML. This is possible through the 'cat_data[color]' parameter, impacting the preferences and admin components of the application. The vulnerabilities can lead to unauthorized script execution in the context of the user's session, which may compromise user privacy and data integrity.

References

http://www.securityfocus.com/bid/25800

vdb-entryx_refsource_BID

http://www.egroupware.org/viewvc/branches/1.4/admin/inc/c...

x_refsource_CONFIRM

http://www.egroupware.org/news

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2007
Vulnerability Reserved
Sep 26, 2007

Egroupware

What is CVE-2007-5091?

References

Timeline