4.3

CVE-2004-1467

Exploit

EPSS 5.07%
Published 31.12.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Egroupware ≫ Egroupware Version1.0

Egroupware ≫ Egroupware Version1.0.1

Egroupware ≫ Egroupware Version1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.07%	0.887

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://sourceforge.net/forum/forum.php?forum_id=401807

http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml

Patch

http://www.securityfocus.com/archive/1/372603

Exploit

http://www.securityfocus.com/bid/11013

Patch

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/17078

https://nvd.nist.gov/vuln/detail/CVE-2004-1467

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1467

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1467

EUVD