Summary
eGroupware is prone to a cross-site scripting vulnerability and to a SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
eGroupware 1.8.001 is vulnerable; other versions may also be affected.
Severity
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N