CVE-2007-5091
N/A
N/A
Summary
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/25800
- http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611&r2=24443&pathrev=24443
- http://www.egroupware.org/news
- http://secunia.com/advisories/26944
- http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741&r2=24443&pathrev=24443
References
- http://www.securityfocus.com/bid/25800
- http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611&r2=24443&pathrev=24443
- http://www.egroupware.org/news
- http://secunia.com/advisories/26944
- http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741&r2=24443&pathrev=24443
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.