Vulnerabilities > CVE-2004-0875 - Unspecified vulnerability in PHPgroupware
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.
Vulnerable Configurations
Nessus
NASL family CGI abuses : XSS NASL id PHPGROUPWARE_XSS.NASL description The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. This issue exists due to a lack of sanitization of user-supplied data. A malicious attacker can exploit a flaw to conduct cross-site scripting attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 14708 published 2004-09-13 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14708 title phpGroupWare Wiki Module XSS NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200409-22.NASL description The remote host is affected by the vulnerability described in GLSA-200409-22 (phpGroupWare: XSS vulnerability in wiki module) Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks. Impact : This vulnerability gives an attacker the ability to inject and execute malicious script code, potentially compromising the victim last seen 2020-06-01 modified 2020-06-02 plugin id 14767 published 2004-09-17 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14767 title GLSA-200409-22 : phpGroupWare: XSS vulnerability in wiki module