SimpleGroupware 'export' Parameter Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running SimpleGroupware and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to SimpleGroupware version 0.743 or later For updates refer to http://www.simple-groupware.de/cms/

Insight

The flaw is due to an input passed via 'export' parameter to 'bin/index.php' is not properly sanitised before being returned to the user.

Affected

SimpleGroupware 0.742 and prior.

References

http://archives.neohapsis.com/archives/bugtraq/2012-02/0028.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1028

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Open For Business HTML injection vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Tomcat TroubleShooter Servlet Installed
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability

Take action and discover your vulnerabilities