Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions prior to 0.9.16.014, allows remote malicious users to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpgroupware phpgroupware 0.9.16.12 |