63063 – www-apps/phpgroupware: XSS Vulnerability

Bug 63063 - www-apps/phpgroupware: XSS Vulnerability

Summary: www-apps/phpgroupware: XSS Vulnerability

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/12466/
Whiteboard:	B3 [stable] lewk
Keywords:

Depends on:
Blocks:

Reported:	2004-09-06 15:35 UTC by Luke Macken (RETIRED)
Modified:	2011-10-30 22:37 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke Macken (RETIRED) gentoo-dev

2004-09-06 15:35:05 UTC

TITLE:
phpGroupWare Unspecified Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA12466

VERIFY ADVISORY:
http://secunia.com/advisories/12466/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
phpGroupWare 0.x
http://secunia.com/product/1814/

DESCRIPTION:
An unspecified vulnerability has been reported in phpGroupWare, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

No more information is currently available.

SOLUTION:
Update to version 0.9.16.003.
http://downloads.phpgroupware.org/now

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://downloads.phpgroupware.org/changelog

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Luke Macken (RETIRED) gentoo-dev

2004-09-06 15:39:04 UTC

web-apps,

can you please bump to 0.9.16.003

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-09-06 23:55:02 UTC

A few more details from www.phpgroupware.org:

A XSS exploit has been discovered in the wiki module. The release fixes the problem and a few other bugs.

Comment 3 Martin Holzer (RETIRED) gentoo-dev

2004-09-07 01:11:35 UTC

also makes php5 users happy :)

Comment 4 Renat Lumpau (RETIRED) gentoo-dev

2004-09-08 01:14:01 UTC

In CVS

Comment 5 Thierry Carrez (RETIRED) gentoo-dev

2004-09-08 02:36:06 UTC

Arches, please test and mark www-apps/phpgroupware-0.9.16.003 stable

Comment 6 Pieter Van den Abeele (RETIRED) gentoo-dev

2004-09-08 14:31:05 UTC

ppc stable

Comment 7 Danny van Dyk (RETIRED) gentoo-dev

2004-09-15 05:52:01 UTC

stable on amd64.

Comment 8 Luke Macken (RETIRED) gentoo-dev

2004-09-15 10:35:45 UTC

x86, please mark stable.

Comment 9 Olivier Crete (RETIRED) gentoo-dev

2004-09-16 14:48:45 UTC

finally marking stable on x86... its all yours lewk ;)

Comment 10 Luke Macken (RETIRED) gentoo-dev

2004-09-16 15:06:01 UTC

GLSA 200409-22

Comment 11 Luke Macken (RETIRED) gentoo-dev

2004-10-28 18:38:32 UTC

x86, please mark stable to benefit from GLSA.