CVE-2004-1384

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

phpgroupware

xss

cve-2004-1384

security vulnerability

web script injection

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.

CPENameOperatorVersion
phpgroupware:phpgroupwarephpgroupwareeq0.9.14.003
phpgroupware:phpgroupwarephpgroupwareeq0.9.13
phpgroupware:phpgroupwarephpgroupwareeq0.9.14.005
phpgroupware:phpgroupwarephpgroupwareeq0.9.14.006
phpgroupware:phpgroupwarephpgroupwareeq0.9.12
phpgroupware:phpgroupwarephpgroupwareeq0.9.14
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.000
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.003
phpgroupware:phpgroupwarephpgroupwareeq0.9.16_rc1
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.002

CPE	Name	Operator	Version
phpgroupware:phpgroupware	phpgroupware	eq	0.9.14.003
phpgroupware:phpgroupware	phpgroupware	eq	0.9.13
phpgroupware:phpgroupware	phpgroupware	eq	0.9.14.005
phpgroupware:phpgroupware	phpgroupware	eq	0.9.14.006
phpgroupware:phpgroupware	phpgroupware	eq	0.9.12
phpgroupware:phpgroupware	phpgroupware	eq	0.9.14
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.000
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.003
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16_rc1
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.002