CVE-2004-0875

2004-12-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0875

cross-site scripting

xss

phpgroupware

webdistro

security vulnerabilities

6 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.

CPENameOperatorVersion
phpgroupware:phpgroupwarephpgroupwareeq0.9.14.003
phpgroupware:phpgroupwarephpgroupwareeq0.9.13
phpgroupware:phpgroupwarephpgroupwareeq0.9.14.005
phpgroupware:phpgroupwarephpgroupwareeq0.9.14.006
phpgroupware:phpgroupwarephpgroupwareeq0.9.12
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.000
phpgroupware:phpgroupwarephpgroupwareeq0.9.16_rc1
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.002
phpgroupware:phpgroupwarephpgroupwareeq0.9.14.007

CPE	Name	Operator	Version
phpgroupware:phpgroupware	phpgroupware	eq	0.9.14.003
phpgroupware:phpgroupware	phpgroupware	eq	0.9.13
phpgroupware:phpgroupware	phpgroupware	eq	0.9.14.005
phpgroupware:phpgroupware	phpgroupware	eq	0.9.14.006
phpgroupware:phpgroupware	phpgroupware	eq	0.9.12
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.000
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16_rc1
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.002
phpgroupware:phpgroupware	phpgroupware	eq	0.9.14.007