Vulnerabilities > Phpgroupware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2574 | HTML Injection vulnerability in PHPgroupware 0.9.16.000/0.9.16.002/0.9.16.003 Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction. network phpgroupware | 4.3 |
| 2004-12-31 | CVE-2004-1385 | Information Disclosure vulnerability in Phpgroupware phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message. | 5.0 |
| 2004-12-31 | CVE-2004-1384 | Cross-Site Scripting and SQL Injection vulnerability in PHPGroupWare Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php. network phpgroupware | 4.3 |
| 2004-12-23 | CVE-2004-0875 | Unspecified vulnerability in PHPgroupware Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module. network phpgroupware | 6.8 |
| 2003-08-07 | CVE-2003-0504 | Cross-Site Scripting vulnerability in PHPgroupware 0.9.14.003 Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. network phpgroupware | 4.3 |