Summary
The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP.
This version has been reported prone to HTML injection vulnerabilities through 'index.php'. These issues present themself due to a lack of sufficient input validation performed on form fields used by PHPGroupWare modules.
A malicious attacker may inject arbitrary HTML and script code using these form fields that may be incorporated into dynamically generated web content.
Solution
Update to version 0.9.16 RC3 or newer
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-2574 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- Apache Tomcat TroubleShooter Servlet Installed
- Apache Struts2 showcase namespace XSS Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability