CVE-2011-4951

Name of the Vulnerable Software and Affected Versions EGroupware Enterprise Line (EPL) versions prior to 11.1.20110804-1 EGroupware Community Edition versions prior to 1.8.001.20110805

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter. This can be exploited by including a malicious URL in the forward parameter, potentially leading to phishing attacks.

Recommendations For EGroupware Enterprise Line (EPL) versions prior to 11.1.20110804-1, update to version 11.1.20110804-1 or later. For EGroupware Community Edition versions prior to 1.8.001.20110805, update to version 1.8.001.20110805 or later. As a temporary workaround, consider restricting access to the forward parameter in the affected API endpoint until a patch is available.