Cross-Site Scripting in EGroupware Enterprise Line and Community Edition
CVE-2011-4950

Currently unrated

Key Information:

Vendor: Egroupware
Status: Egroupware
Vendor: CVE Published:; 31 August 2012

What is CVE-2011-4950?

A cross-site scripting vulnerability exists in the EGroupware Enterprise Line and Community Edition, allowing remote attackers to exploit the flaw via the 'lang' parameter in the test.php file. This can lead to the injection of arbitrary web scripts or HTML, potentially exposing users to malicious attacks and data breaches. Updating to the latest versions protects against such vulnerabilities.

References

http://www.egroupware.org/epl-changelog

x_refsource_CONFIRM

http://packetstormsecurity.org/files/100180/eGroupware-1....

x_refsource_MISC

http://www.egroupware.org/changelog

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 31, 2012

Egroupware

What is CVE-2011-4950?

References

Timeline