Bug 63063

Summary: www-apps/phpgroupware: XSS Vulnerability
Product: Gentoo Security
Reporter: Luke Macken (RETIRED) <lewk>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: web-apps, x86
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/12466/
Whiteboard: B3 [stable] lewk
Package list:
Runtime testing required: ---

Description Luke Macken (RETIRED) gentoo-dev 2004-09-06 15:35:05 UTC
TITLE:
phpGroupWare Unspecified Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA12466

VERIFY ADVISORY:
http://secunia.com/advisories/12466/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
phpGroupWare 0.x
http://secunia.com/product/1814/

DESCRIPTION:
An unspecified vulnerability has been reported in phpGroupWare, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

No more information is currently available.

SOLUTION:
Update to version 0.9.16.003.
http://downloads.phpgroupware.org/now

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://downloads.phpgroupware.org/changelog

Reproducible: Always
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-09-06 15:39:04 UTC
web-apps,

can you please bump to 0.9.16.003
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-09-06 23:55:02 UTC
A few more details from www.phpgroupware.org:

An XSS exploit has been discovered in the wiki module. The release fixes the problem and a few other bugs.

Comment 3 Martin Holzer (RETIRED) gentoo-dev 2004-09-07 01:11:35 UTC
also makes php5 users happy :)
Comment 4 Renat Lumpau (RETIRED) gentoo-dev 2004-09-08 01:14:01 UTC
In CVS
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-09-08 02:36:06 UTC
Arches, please test and mark www-apps/phpgroupware-0.9.16.003 stable
Comment 6 Pieter Van den Abeele (RETIRED) gentoo-dev 2004-09-08 14:31:05 UTC
ppc stable
Comment 7 Danny van Dyk (RETIRED) gentoo-dev 2004-09-15 05:52:01 UTC
stable on amd64.
Comment 8 Luke Macken (RETIRED) gentoo-dev 2004-09-15 10:35:45 UTC
x86, please mark stable.
Comment 9 Olivier Crete (RETIRED) gentoo-dev 2004-09-16 14:48:45 UTC
finally marking stable on x86... it's all yours lewk ;)
Comment 10 Luke Macken (RETIRED) gentoo-dev 2004-09-16 15:06:01 UTC
GLSA 200409-22
Comment 11 Luke Macken (RETIRED) gentoo-dev 2004-10-28 18:38:32 UTC
x86, please mark stable to benefit from GLSA.