| VID |
21437 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpGroupWare program, according to its version number, has a Cross-Site Scripting vulnerability in the Wiki module. phpGroupWare, developed by Joseph Engo, is a PHP-based groupware suite that includes features such as email, calendar, and to-do lists. phpGroupWare versions prior to 0.9.16.003 are vulnerable to Cross-Site Scripting, caused by improper filtering of user-supplied input in the Wiki module. A remote attacker could use this vulnerability to steal the victim's cookie-based authentication credentials and to launch further attacks.
* Note: This check relies solely on the version number of the remote phpGroupWare program to assess this vulnerability, so the result might be a false positive.
* References: http://secunia.com/advisories/12466/
* Platforms Affected: Joseph Engo, phpGroupWare prior to 0.9.16.003; Linux, any version; Unix, any version |
| Recommendation |
Upgrade to the latest version of phpGroupWare (0.9.16.003 or later) available from the phpGroupWare Web site at http://sourceforge.net/projects/phpgroupware/
For Gentoo Linux: Upgrade to the latest version of phpGroupWare (0.9.16.003 or later), as listed in Gentoo Linux Security Advisory GLSA 200409-22 at http://www.gentoo.org/security/en/glsa/glsa-200409-22.xml |
| Related URL |
CVE-2004-0875 (CVE) |
| Related URL |
11130 (SecurityFocus) |
| Related URL |
17289 (ISS) |
|