Egroupware

Egroupware

23 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-38329

  • EPSS 0.06%
  • Published 11.07.2025 00:00:00
  • Last modified 11.09.2025 20:49:38

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET p...

5.3

CVE-2023-38327

  • EPSS 0.05%
  • Published 11.07.2025 00:00:00
  • Last modified 11.09.2025 20:50:21

An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response.

9.8

CVE-2024-40614

  • EPSS 0.05%
  • Published 07.07.2024 15:15:09
  • Last modified 21.11.2024 17:15:14

EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting.

4.9

CVE-2023-38328

  • EPSS 0.05%
  • Published 26.10.2023 22:15:08
  • Last modified 21.11.2024 08:13:20

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext da...

6.1

CVE-2017-14920

  • EPSS 1.22%
  • Published 30.09.2017 01:29:01
  • Last modified 20.04.2025 01:37:25

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

7.5

CVE-2014-2027

  • EPSS 2.31%
  • Published 31.03.2015 14:59:00
  • Last modified 12.04.2025 10:46:40

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fiel...

8.5

CVE-2014-2988

Exploit
  • EPSS 0.91%
  • Published 27.10.2014 01:55:24
  • Last modified 12.04.2025 10:46:40

EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the ca...

6.8

CVE-2014-2987

Exploit
  • EPSS 3.68%
  • Published 26.10.2014 18:55:04
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authenticat...

4.3

CVE-2012-2211

Exploit
  • EPSS 0.3%
  • Published 22.11.2012 12:28:40
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: ...

7.5

CVE-2011-4949

Exploit
  • EPSS 0.84%
  • Published 31.08.2012 22:55:01
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL...