CVE-2023-38329
- EPSS 0.06%
- Published 11.07.2025 00:00:00
- Last modified 11.09.2025 20:49:38
An issue was discovered in eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET p...
CVE-2023-38327
- EPSS 0.05%
- Published 11.07.2025 00:00:00
- Last modified 11.09.2025 20:50:21
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response.
CVE-2024-40614
- EPSS 0.05%
- Published 07.07.2024 15:15:09
- Last modified 21.11.2024 17:15:14
EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting.
CVE-2023-38328
- EPSS 0.05%
- Published 26.10.2023 22:15:08
- Last modified 21.11.2024 08:13:20
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext da...
CVE-2017-14920
- EPSS 1.22%
- Published 30.09.2017 01:29:01
- Last modified 20.04.2025 01:37:25
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
CVE-2014-2027
- EPSS 2.31%
- Published 31.03.2015 14:59:00
- Last modified 12.04.2025 10:46:40
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fiel...
CVE-2014-2988
- EPSS 0.91%
- Published 27.10.2014 01:55:24
- Last modified 12.04.2025 10:46:40
EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the ca...
CVE-2014-2987
- EPSS 3.68%
- Published 26.10.2014 18:55:04
- Last modified 12.04.2025 10:46:40
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authenticat...
CVE-2012-2211
- EPSS 0.3%
- Published 22.11.2012 12:28:40
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: ...
CVE-2011-4949
- EPSS 0.84%
- Published 31.08.2012 22:55:01
- Last modified 11.04.2025 00:51:21
SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL...