Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2574

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2574
Last Modified 07 Mar 2011 09:19:02
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2574

Summary

Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.

Vulnerable Systems

Application

  • Phpgroupware 0.9.16.000

  • Phpgroupware 0.9.16.002

  • Phpgroupware 0.9.16.003

  • Phpgroupware 0.9.16.005


References

BID - 12082

CONFIRM - https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478

OSVDB - 7600


Last Updated: 27 May 2016 10:39:32