Cross-Site Scripting Vulnerability in EGroupware by EGroupware
CVE-2010-3314

Currently unrated

Key Information:

Vendor: Egroupware
Status: Egroupware
Vendor: CVE Published:; 22 September 2010

What is CVE-2010-3314?

A cross-site scripting (XSS) vulnerability exists in the login.php component of EGroupware, allowing remote attackers to inject arbitrary web scripts or HTML code through the 'lang' parameter. This security flaw may affect specific versions of EGroupware and EPL before their respective patches were released, posing a risk to users and their data integrity.

References

http://www.exploit-db.com/exploits/11777/

exploitx_refsource_EXPLOIT-DB

http://www.egroupware.org/news?item=93

x_refsource_CONFIRM

http://www.debian.org/security/2010/dsa-2013

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 22, 2010

Egroupware

What is CVE-2010-3314?

References

Timeline