CVE-2012-2211

Egroupware < 1.8.002.20111111 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information.

References (3)

[Various Sources] http://www.egroupware.org/changelog

[Exploit] http://packetstormsecurity.org/files/111626/egroupware-xss.txt

[Vendor Advisory] http://secunia.com/advisories/48703

Scores

EPSS 0.0013

EPSS Percentile 32.6%

Details

CWE

CWE-79

Status published

Products (2)

egroupware/egroupware < 1.8.002.20111111

n/a/n/a

Published Nov 22, 2012

Tracked Since Feb 18, 2026