Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-1467 | First vendor Publication | 2004-12-31 |
Vendor | Cve | Last vendor Modification | 2017-07-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1467 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-06 (eGroupWare) File : nvt/glsa_200409_06.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9138 | eGroupWare Ticket Module Subject Parameter XSS eGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Subject" variable upon submission to the Ticket Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
9137 | eGroupWare Messenger Module Subject Parameter XSS eGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Subject" variable upon submission to the Messenger Module script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
9136 | eGroupWare Address Book Module Multiple Parameter XSS eGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Field, Filter, QField, Start or search input variables upon submission to the Address Book Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
9134 | eGroupWare Calendar Module date Parameter XSS eGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "date" variable upon submission to the Calendar Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-06.nasl - Type : ACT_GATHER_INFO |
2004-08-23 | Name : A web application running on the remote host has a cross-site scripting vulne... File : egroupware_xss.nasl - Type : ACT_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:31 |
|
2021-04-22 01:02:42 |
|
2020-05-23 00:16:01 |
|
2017-07-11 12:01:37 |
|
2014-02-17 10:28:51 |
|
2013-05-11 11:45:11 |
|