PT-2004-2380 · Egroupware · Egroupware

Joxean Koret · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1467

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: eGroupWare versions 1.0.00.003 and earlier
Description: The issue allows remote attackers to inject arbitrary web script or HTML via several fields in different modules, including the calendar, address, message, and Ticket modules. Specifically, the vulnerable fields are:
  • date or search text field in the calendar module,
  • Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module,
  • Subject field in the message module,
  • Subject field in the Ticket module.
Recommendations: For eGroupWare versions 1.0.00.003 and earlier, consider disabling the calendar, address, message, and Ticket modules until a patch is available. Restrict access to the vulnerable fields in these modules to minimize the risk of exploitation. Avoid using the specified fields in the affected modules until the issue is resolved.

Related identifiers

CVE-2004-1467

Affected products

Egroupware