Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 63063 - www-apps/phpgroupware: XSS Vulnerability
Summary: www-apps/phpgroupware: XSS Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/12466/
Whiteboard: B3 [stable] lewk
Keywords:
Depends on:
Blocks:
 
Reported: 2004-09-06 15:35 UTC by Luke Macken (RETIRED)
Modified: 2011-10-30 22:37 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Luke Macken (RETIRED) gentoo-dev 2004-09-06 15:35:05 UTC
TITLE:
phpGroupWare Unspecified Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA12466

VERIFY ADVISORY:
http://secunia.com/advisories/12466/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
phpGroupWare 0.x
http://secunia.com/product/1814/

DESCRIPTION:
An unspecified vulnerability has been reported in phpGroupWare, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

No more information is currently available.

SOLUTION:
Update to version 0.9.16.003.
http://downloads.phpgroupware.org/now

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://downloads.phpgroupware.org/changelog

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-09-06 15:39:04 UTC
web-apps,

can you please bump to 0.9.16.003
Comment 2 Sune Kloppenborg Jeppesen gentoo-dev 2004-09-06 23:55:02 UTC
A few more details from www.phpgroupware.org:

A XSS exploit has been discovered in the wiki module. The release fixes the problem and a few other bugs.

Comment 3 Martin Holzer (RETIRED) gentoo-dev 2004-09-07 01:11:35 UTC
also makes php5 users happy :)
Comment 4 Renat Lumpau (RETIRED) gentoo-dev 2004-09-08 01:14:01 UTC
In CVS
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-09-08 02:36:06 UTC
Arches, please test and mark www-apps/phpgroupware-0.9.16.003 stable
Comment 6 Pieter Van den Abeele (RETIRED) gentoo-dev 2004-09-08 14:31:05 UTC
ppc stable
Comment 7 Danny van Dyk (RETIRED) gentoo-dev 2004-09-15 05:52:01 UTC
stable on amd64.
Comment 8 Luke Macken (RETIRED) gentoo-dev 2004-09-15 10:35:45 UTC
x86, please mark stable.
Comment 9 Olivier Crete (RETIRED) gentoo-dev 2004-09-16 14:48:45 UTC
finally marking stable on x86... its all yours lewk ;)
Comment 10 Luke Macken (RETIRED) gentoo-dev 2004-09-16 15:06:01 UTC
GLSA 200409-22
Comment 11 Luke Macken (RETIRED) gentoo-dev 2004-10-28 18:38:32 UTC
x86, please mark stable to benefit from GLSA.