Multiple cross-site scripting (XSS) vulnerabilities in eGroupware prior to 1.0.0.007 allow remote malicious users to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
egroupware egroupware 1.0.3 |
||
egroupware egroupware 1.0.6 |
||
egroupware egroupware 1.0 |
||
egroupware egroupware 1.0.1 |