Description
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Joxean Koret · textwebappsphp
https://www.exploit-db.com/exploits/24403
References (5)
Core 5
Core References
Patch vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11013
Product x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=401807
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/372603
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17078
Scores
EPSS
0.0507
EPSS Percentile
89.8%
Details
Status
published
Products (3)
egroupware/egroupware
1.0
egroupware/egroupware
1.0.1
egroupware/egroupware
1.0.3
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026