CVE-2007-5091

Egroupware - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.

References (5)

[Vendor Advisory] http://secunia.com/advisories/26944

[Patch] http://www.egroupware.org/news

[Various Sources] http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611&r2=24443&pathrev=24443

[Various Sources] http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741&r2=24443&pathrev=24443

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25800

Scores

EPSS 0.0035

EPSS Percentile 57.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

egroupware/egroupware

Timeline

Published Sep 26, 2007

Tracked Since Feb 18, 2026