Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
References 5 Total
- exchange.xforce.ibmcloud.com: phpgroupware-index-preferences-xss(18496) vdb-entry
- marc.info: 20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] mailing-list
- http://www.gulftech.org/?node=research&article_id=00054-12142004
- securityfocus.com: 11952 vdb-entry
- gentoo.org: GLSA-200501-08 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- exchange.xforce.ibmcloud.com: phpgroupware-index-preferences-xss(18496) vdb-entryx_transferred
- marc.info: 20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] mailing-listx_transferred
- http://www.gulftech.org/?node=research&article_id=00054-12142004 x_transferred
- securityfocus.com: 11952 vdb-entryx_transferred
- gentoo.org: GLSA-200501-08 vendor-advisoryx_transferred