EGroupware <= 1.8.001 Multiple Vulnerabilities Network Vulnerability

Summary

eGroupware is prone to a cross-site scripting vulnerability and to a SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. eGroupware 1.8.001 is vulnerable other versions may also be affected.

References

http://www.egroupware.org/
https://www.securityfocus.com/bid/47262
https://www.securityfocus.com/bid/47273

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

aeNovo Database Content Disclosure Vulnerability
/doc directory browsable ?
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Ampache Reflected Cross Site Scripting Vulnerability

eGroupware <= 1.8.001 Multiple Vulnerabilities

Take action and discover your vulnerabilities