Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2211

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2211
Last Modified 22 Nov 2012 12:00:00
Published 22 Nov 2012 07:28:40
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2211

Summary

Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Egroupware 1.8.002.20111111


References

CONFIRM - http://www.egroupware.org/changelog

SECUNIA - 48703

MISC - http://packetstormsecurity.org/files/111626/egroupware-xss.txt


Last Updated: 27 May 2016 10:47:22