Egroupware

Egroupware

23 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.8

CVE-2011-4951

Exploit
  • EPSS 0.5%
  • Published 31.08.2012 22:55:01
  • Last modified 11.04.2025 00:51:21

Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct ph...

4.3

CVE-2011-4950

Exploit
  • EPSS 0.59%
  • Published 31.08.2012 22:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or ...

5

CVE-2011-4948

Exploit
  • EPSS 0.53%
  • Published 31.08.2012 22:55:01
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot sla...

4.3

CVE-2010-3314

Exploit
  • EPSS 1.59%
  • Published 22.09.2010 19:00:03
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web sc...

7.5

CVE-2010-3313

  • EPSS 2.3%
  • Published 22.09.2010 19:00:03
  • Last modified 11.04.2025 00:51:21

phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows ...

10

CVE-2008-2041

  • EPSS 0.53%
  • Published 30.04.2008 16:17:00
  • Last modified 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.

4.3

CVE-2008-1502

Exploit
  • EPSS 1.09%
  • Published 25.03.2008 19:44:00
  • Last modified 09.04.2025 00:30:58

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks...

4.3

CVE-2007-5091

  • EPSS 0.33%
  • Published 26.09.2007 20:17:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicate...

10

CVE-2007-3155

  • EPSS 1.18%
  • Published 11.06.2007 22:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.

10

CVE-2007-3154

  • EPSS 1.18%
  • Published 11.06.2007 22:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.