blob: fab7174bdf663f29110afa34185b82e4ca60e634 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200409-22">
<title>phpGroupWare: XSS vulnerability in wiki module</title>
The phpGroupWare software contains a cross site scripting vulnerability in
the wiki module.
<product type="ebuild">phpGroupWare</product>
<announced>September 16, 2004</announced>
<revised>May 22, 2006: 02</revised>
<package name="www-apps/phpgroupware" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
phpGroupWare is a web-based suite of group applications including
calendar, todo-list, addressbook, email, wiki, news headlines, and a
file manager.
Due to an input validation error, the wiki module in the phpGroupWare
suite is vulnerable to cross site scripting attacks.
<impact type="normal">
This vulnerability gives an attacker the ability to inject and execute
malicious script code, potentially compromising the victim's browser.
The is no known workaround at this time.
All phpGroupWare users should upgrade to the latest version:
# emerge sync
# emerge -pv &quot;&gt;=www-apps/phpgroupware-;
# emerge &quot;&gt;=www-apps/phpgroupware-;</code>
<uri link="">phpGroupWare ChangeLog</uri>
<uri link="">Secunia Advisory SA12466</uri>
<uri link="">CVE-2004-0875</uri>
<metadata tag="requester" timestamp="Fri, 10 Sep 2004 12:36:45 +0000">
<metadata tag="submitter" timestamp="Sun, 12 Sep 2004 14:15:58 +0000">
<metadata tag="bugReady" timestamp="Thu, 16 Sep 2004 21:55:15 +0000">