Cross-Site Scripting Vulnerability in eGroupware by eGroupware
CVE-2012-2211

Currently unrated

Key Information:

Vendor: Egroupware
Status: Egroupware
Vendor: CVE Published:; 22 November 2012

What is CVE-2012-2211?

The eGroupware application is vulnerable to a Cross-Site Scripting (XSS) attack due to inadequate sanitization of user input in the menuaction parameter of the etemplate/process_exec.php script. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into web pages viewed by other users, potentially leading to session hijacking, data theft, or other malicious activities. Users running versions of eGroupware earlier than 1.8.004.20120405 are particularly at risk and should consider upgrading to a secured version to mitigate exposure.

References

http://secunia.com/advisories/48703

third-party-advisoryx_refsource_SECUNIA

http://www.egroupware.org/changelog

x_refsource_CONFIRM

http://packetstormsecurity.org/files/111626/egroupware-xs...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 22, 2012

Egroupware

What is CVE-2012-2211?

References

Timeline