First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 63063
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Luke Macken (RETIRED) <lewk@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 63063 depends on: Show dependency tree
Bug 63063 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-09-06 15:35 0000 
TITLE:
phpGroupWare Unspecified Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA12466

VERIFY ADVISORY:
http://secunia.com/advisories/12466/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
phpGroupWare 0.x
http://secunia.com/product/1814/

DESCRIPTION:
An unspecified vulnerability has been reported in phpGroupWare, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

No more information is currently available.

SOLUTION:
Update to version 0.9.16.003.
http://downloads.phpgroupware.org/now

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://downloads.phpgroupware.org/changelog

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

------- Comment #1 From Luke Macken (RETIRED) 2004-09-06 15:39:04 0000 ------- 
web-apps,

can you please bump to 0.9.16.003

------- Comment #2 From Sune Kloppenborg Jeppesen 2004-09-06 23:55:02 0000 ------- 
A few more details from www.phpgroupware.org:

A XSS exploit has been discovered in the wiki module. The release fixes the problem and a few other bugs.

------- Comment #3 From Martin Holzer (RETIRED) 2004-09-07 01:11:35 0000 ------- 
also makes php5 users happy :)

------- Comment #4 From Renat Lumpau 2004-09-08 01:14:01 0000 ------- 
In CVS

------- Comment #5 From Thierry Carrez (RETIRED) 2004-09-08 02:36:06 0000 ------- 
Arches, please test and mark www-apps/phpgroupware-0.9.16.003 stable

------- Comment #6 From Pieter Van den Abeele 2004-09-08 14:31:05 0000 ------- 
ppc stable

------- Comment #7 From Danny van Dyk (RETIRED) 2004-09-15 05:52:01 0000 ------- 
stable on amd64.

------- Comment #8 From Luke Macken (RETIRED) 2004-09-15 10:35:45 0000 ------- 
x86, please mark stable.

------- Comment #9 From Olivier Crete 2004-09-16 14:48:45 0000 ------- 
finally marking stable on x86... its all yours lewk ;)

------- Comment #10 From Luke Macken (RETIRED) 2004-09-16 15:06:01 0000 ------- 
GLSA 200409-22

------- Comment #11 From Luke Macken (RETIRED) 2004-10-28 18:38:32 0000 ------- 
x86, please mark stable to benefit from GLSA.
First Last Prev Next    No search results available      Search page      Enter new bug