PhpGroupWare Multiple HTML Injection Vulnerabilities Network Vulnerability

Summary

The remote host seems to be running PhpGroupWare, is a multi-user groupware suite written in PHP. This version has been reported prone to multiple HTML injection vulnerabilities. The issues present themselves due to a lack of sufficient input validation performed on form fields used by PHPGroupWare modules. A malicious attacker may inject arbitrary HTML and script code using these form fields that may be incorporated into dynamically generated web content.

Solution

Update to version 0.9.14.005 or newer

References

http://www.phpgroupware.org/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2003-0504

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability

PhpGroupWare multiple HTML injection vulnerabilities

Take action and discover your vulnerabilities