FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities

Affected packages
egroupware < 1.0.0.007

Details

VuXML ID b4892b5b-fb1c-11d9-96ba-00909925db3e
Discovery 2005-04-20
Entry 2005-07-23

Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.

Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.

References

CVE Name CVE-2005-1202
CVE Name CVE-2005-1203
URL http://sourceforge.net/project/shownotes.php?release_id=320768