CVE-2005-1202

eGroupware - Cross-Site Scripting via ab_id, page, type, lang, or category_id Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1202. PoCs published by GulfTech Security.

AI-analyzed exploit summary: The provided text describes multiple input validation vulnerabilities in eGroupWare, including XSS and SQL injection. It lists several URLs demonstrating XSS vulnerabilities but does not include executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/25434

The provided text describes multiple input validation vulnerabilities in eGroupWare, including XSS and SQL injection. It lists several URLs demonstrating XSS vulnerabilities but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: eGroupWare (version not specified)
No auth needed
Prerequisites: Access to the vulnerable eGroupWare instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/25435

The provided text describes CVE-2005-1202, an input validation vulnerability in eGroupWare leading to XSS and SQL injection. It includes a sample URL demonstrating the XSS vulnerability but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: XSS | SQLi
Complexity: Trivial
Reliability: Theoretical
Target: eGroupWare (version not specified)
No auth needed
Prerequisites: Access to a vulnerable eGroupWare instance
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15751
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13212
Patch vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200504-24.xml
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111401760125555&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14982

Scores

EPSS 0.0297
EPSS Percentile 85.5%

Details

Status published
Products (4)
egroupware/egroupware 1.0
egroupware/egroupware 1.0.1
egroupware/egroupware 1.0.3
egroupware/egroupware 1.0.6
Published May 02, 2005
Tracked Since Feb 18, 2026