Vulnerabilities > CVE-2004-1467 - Input Validation vulnerability in Egroupware 1.0/1.0.1/1.0.3

CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
egroupware
nessus
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.

Vulnerable Configurations

Part Description Count
Application
Egroupware
3

Exploit-Db

description: EGroupWare 1.0 Calendar Module date Parameter XSS. CVE-2004-1467. Webapps exploit for php platform
id: EDB-ID:24403
last seen: 2016-02-02
modified: 2004-08-23
published: 2004-08-23
reporter: Joxean Koret
source: https://www.exploit-db.com/download/24403/
title: EGroupWare 1.0 Calendar Module date Parameter XSS

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200409-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200409-06 (eGroupWare: Multiple XSS vulnerabilities). Joxean Koret recently discovered multiple cross-site scripting vulnerabilities in various modules for the eGroupWare suite. This includes the calendar, address book, messenger and ticket modules. Impact: These vulnerabilities give an attacker the ability to inject and execute malicious script code, potentially compromising the victim's browser.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14653
    published: 2004-09-03
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14653
    title: GLSA-200409-06 : eGroupWare: Multiple XSS vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200409-06.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is true the plugin only declares
    # its metadata and then exits (see exit(0) at the end of this block), so
    # none of the package checks further down are run.
    if (description)
    {
      script_id(14653);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      # Cross-references: the CVE and the Gentoo advisory this check is built from.
      script_cve_id("CVE-2004-1467");
      script_xref(name:"GLSA", value:"200409-06");
    
      script_name(english:"GLSA-200409-06 : eGroupWare: Multiple XSS vulnerabilities");
      # The summary names the detection method: installed-package data under
      # /var/db/pkg, not a request against the web application itself.
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200409-06
    (eGroupWare: Multiple XSS vulnerabilities)
    
        Joxean Koret recently discovered multiple cross site scripting
        vulnerabilities in various modules for the eGroupWare suite. This
        includes the calendar, address book, messenger and ticket modules.
      
    Impact :
    
        These vulnerabilities give an attacker the ability to inject and
        execute malicious script code, potentially compromising the victim's
        browser.
      
    Workaround :
    
        There is no known workaround at this time. All users are encouraged to
        upgrade to the latest available version of eGroupWare."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://sourceforge.net/forum/forum.php?forum_id=401807"
      );
      # http://www.securityfocus.com/archive/1/372603/2004-08-21/2004-08-27/0
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.securityfocus.com/archive/1/372603/2004-08-21/2004-08-27/0"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200409-06"
      );
      # The fixed version named in the solution text (1.0.00.004) is the same
      # bound the main body passes to qpkg_check() as `unaffected`.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All eGroupWare users should upgrade to the latest version:
        # emerge sync
        # emerge -pv '>=www-apps/egroupware-1.0.00.004'
        # emerge '>=www-apps/egroupware-1.0.00.004'"
      );
      # CVSS v2 base vector: network-reachable, medium access complexity, no
      # authentication, partial integrity impact, no confidentiality or
      # availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      # Declared as a local check; the finding is therefore only as accurate as
      # the package list collected from the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:egroupware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/03");
      script_end_attributes();
    
      # NOTE(review): ACT_GATHER_INFO presumably marks the plugin as
      # non-intrusive -- confirm against the scanner's category list.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it populates
      # the Host/* KB keys required here -- confirm. The main body re-reads the
      # same three keys before comparing package versions.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: local checks must be enabled, the host must have been
    # identified as Gentoo, and a package list must have been collected.
    # Each failure is reported through audit() with its own reason code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Compare the installed www-apps/egroupware package against the advisory
    # bounds: 1.0.00.003 and earlier are vulnerable, 1.0.00.004 and later are not.
    affected = qpkg_check(
      package:"www-apps/egroupware",
      unaffected:make_list("ge 1.0.00.004"),
      vulnerable:make_list("le 1.0.00.003")
    );

    if (!affected)
    {
      # Nothing vulnerable: distinguish "installed but not affected" from
      # "not installed at all" by whether any package was actually tested.
      tested = qpkg_tests_get();
      if (tested)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "eGroupWare");
    }
    else
    {
      # Vulnerable package found: raise a warning, attaching the package
      # report only when verbose reporting is enabled.
      if (report_verbosity > 0)
        security_warning(port:0, extra:qpkg_report_get());
      else
        security_warning(0);
      exit(0);
    }
    
  • NASL family: CGI abuses : XSS
    NASL id: EGROUPWARE_XSS.NASL
    description: The remote version of eGroupware is vulnerable to a cross-site scripting attack. This could allow a remote attacker to steal the cookies of a legitimate user by tricking them into clicking a maliciously crafted URL. eGroupware reportedly has other cross-site scripting vulnerabilities, though Nessus has not tested for those issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14358
    published: 2004-08-23
    reporter: This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14358
    title: eGroupWare <= 1.0.00.003 Multiple Module XSS
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    # Registration pass: when `description` is true the plugin only declares
    # its metadata and then exits (see exit(0) at the end of this block), so
    # the HTTP check further down is not run.
    if(description)
    {
     script_id(14358);
     script_version("1.25");
     script_cve_id("CVE-2004-1467");
     script_bugtraq_id(11013);
     
     script_name(english:"eGroupWare <= 1.0.00.003 Multiple Module XSS");
     script_summary(english:"Checks for the presence of an XSS bug in EGroupWare");
    
     script_set_attribute(attribute:"synopsis", value:
    "A web application running on the remote host has a cross-site
    scripting vulnerability." );
     # The description itself limits the coverage: only one reflected-XSS
     # vector is tested, so a clean result does not clear the other vectors
     # listed under the same CVE.
     script_set_attribute(attribute:"description", value:
    "The remote version of eGroupware is vulnerable to a cross-site
    scripting attack.  This could allow a remote attacker to steal the
    cookies of a legitimate user by tricking them into clicking a
    maliciously crafted URL.
    
    eGroupware reportedly has other cross-site scripting vulnerabilities,
    though Nessus has not tested for those issues." );
     script_set_attribute(
       attribute:"see_also",
       value:"https://seclists.org/bugtraq/2004/Aug/306"
     );
     # NOTE(review): the solution text spells the fixed release "1.0.0.004",
     # while the plugin name above uses the "1.0.00.003" form -- confirm
     # which spelling of the version is intended.
     script_set_attribute(
       attribute:"solution", 
       value:"Upgrade to eGroupware 1.0.0.004 or later."
     );
     # CVSS v2 base vector: network-reachable, medium access complexity, no
     # authentication, partial integrity impact only. The temporal vector
     # records high exploitability (E:H), an official fix (RL:OF) and a
     # confirmed report (RC:C).
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
     # NOTE(review): exploit_available is "false" although the temporal
     # vector above carries E:H -- confirm which of the two is intended.
     script_set_attribute(attribute:"exploit_available", value:"false");
     # 20 (input validation), 74 (injection) and 79 (cross-site scripting) are
     # the weakness entries; the remaining IDs look like CWE category/view
     # numbers -- confirm.
     script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/23");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/21");
     script_cvs_date("Date: 2018/11/15 20:50:19");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_end_attributes();
    
     # Registered as ACT_ATTACK: the main body sends a request whose query
     # string contains a <script> marker to the scanned web application.
     script_category(ACT_ATTACK);
     script_family(english:"CGI abuses : XSS");
    
     script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
     # egroupware_detect.nasl is declared as a dependency; presumably it writes
     # the "www/<port>/egroupware" KB entry the main body reads -- confirm.
     script_dependencie("egroupware_detect.nasl");
     # Presumably the plugin is skipped when CGI scanning is disabled in the
     # scan settings -- confirm.
     script_exclude_keys("Settings/disable_cgi_scanning");
     script_require_ports("Services/www", 80);
     script_require_keys("www/PHP");
     exit(0);
    }
    
    #
    # The script code starts here
    #
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
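    # Pick the web server port to test, falling back to 80.
    port = get_http_port(default:80);
    
    # Stop early when the server is not flagged as able to host PHP, or when
    # the KB already carries a generic_xss entry for this port (presumably the
    # server reflects arbitrary input, which would make this check a false
    # positive -- confirm against the plugin that sets the key).
    if (!can_host_php(port:port)) exit(0);
    if (get_kb_item(string("www/", port, "/generic_xss"))) exit(0);
    
    # No eGroupWare install recorded for this port: nothing to test.
    kb = get_kb_item("www/" + port + "/egroupware");
    if (!kb) exit(0);
    
    # The KB entry is split on " under "; the second capture group is used as
    # the install directory. Stop if the entry does not have that shape, so
    # that the probe is never sent with an undefined directory.
    stuff = eregmatch(pattern:"(.*) under (.*)", string:kb);
    if (isnull(stuff)) exit(0);
    loc = stuff[2];
    
    # Request index.php with a harmless <script> marker in the calendar `date`
    # parameter and look for that marker in the response (pass_str). Only this
    # one parameter is probed; the other vectors listed under CVE-2004-1467
    # are not covered by this check.
    test_cgi_xss(port: port, dirs: make_list(loc), cgi: "/index.php",
     qs: "menuaction=calendar.uicalendar.day&date=20040405<script>foo</script>",
     pass_str: '<script>foo</script>');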