CVE-2004-1467

eGroupWare <= 1.0.00.003 - Cross-Site Scripting via Multiple Input Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1467. PoCs published by Joxean Koret.

AI-analyzed exploit summary The provided text describes multiple XSS and HTML injection vulnerabilities in eGroupWare, specifically in the 'addressbook', 'calendar', and 'Messenger' modules. It includes a sample exploit URL demonstrating an XSS attack via the 'date' parameter.

Description

Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Joxean Koret · textwebappsphp

https://www.exploit-db.com/exploits/24403

View Code ZIP pw:eip

The provided text describes multiple XSS and HTML injection vulnerabilities in eGroupWare, specifically in the 'addressbook', 'calendar', and 'Messenger' modules. It includes a sample exploit URL demonstrating an XSS attack via the 'date' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: eGroupWare (version not specified)

No auth needed

Prerequisites: Access to a vulnerable eGroupWare instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Patch vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11013

Product x_refsource_confirm

http://sourceforge.net/forum/forum.php?forum_id=401807

Exploit mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/372603

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17078

Scores

EPSS 0.0362

EPSS Percentile 88.0%

Details

Status published

Products (3)

egroupware/egroupware 1.0

egroupware/egroupware 1.0.1

egroupware/egroupware 1.0.3

Published Dec 31, 2004

Tracked Since Feb 18, 2026