CVE-2004-1384
Published 2004-12-31
Priority P4 · 20 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.04% (89.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpgroupware | phpgroupware | — | — |
No detection rules found.
Exploit-DB
phpGroupWare 0.9.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2004-12-15
---
source: https://www.securityfocus.com/bid/11952/info
Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to properly sanitize user-supplied input.
The SQL injection issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting issues could permit a remote attacker to
Exploit-DB
phpGroupWare 0.9.x - 'viewticket_details.php?ticket_id' Cross-Site Scripting
exploitdb·2004-12-15
---
source: https://www.securityfocus.com/bid/11952/info
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110312656029072&w=2
http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
http://www.gulftech.org/?node=research&article_id=00054-12142004
http://www.securityfocus.com/bid/11952
https://exchange.xforce.ibmcloud.com/vulnerabilities/18496