ID EDB-ID:24403 Type exploitdb Reporter Joxean Koret Modified 2004-08-23T00:00:00
Description
EGroupWare 1.0 Calendar Module date Parameter XSS. CVE-2004-1467. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/11013/info
It is reported that eGroupWare is susceptible to multiple cross-site scripting and HTML injection vulnerabilities.
The cross-site scripting issues present themselves in the various parameters of the 'addressbook' and 'calendar' modules. It is also reported that data input through the 'Search' fields of the 'addressbook', 'calendar', and 'search between projects' functionality are not sufficiently sanitized.
An attacker can exploit these issues for theft of cookie-based authentication credentials and other attacks.
Additionally HTML injection vulnerabilities are reported for the eGroupWare 'Messenger' module and 'Ticket' module.
Attackers may potentially exploit these issues to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.
http://www.example.com/egroupware/index.php?menuaction=calendar.uicalendar.day&date=20040701"><script>alert(document.cookie)</script
{"id": "EDB-ID:24403", "hash": "8f157882ce99223498ec73a3b8074f07", "type": "exploitdb", "bulletinFamily": "exploit", "title": "EGroupWare 1.0 Calendar Module date Parameter XSS", "description": "EGroupWare 1.0 Calendar Module date Parameter XSS. CVE-2004-1467. Webapps exploit for php platform", "published": "2004-08-23T00:00:00", "modified": "2004-08-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/24403/", "reporter": "Joxean Koret", "references": [], "cvelist": ["CVE-2004-1467"], "lastseen": "2016-02-02T23:14:34", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 4.4, "vector": "NONE", "modified": "2016-02-02T23:14:34"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-1467"]}, {"type": "openvas", "idList": ["OPENVAS:54663"]}, {"type": "osvdb", "idList": ["OSVDB:9134", "OSVDB:9138", "OSVDB:9137", "OSVDB:9136"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200409-06.NASL", "EGROUPWARE_XSS.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200409-06"]}], "modified": "2016-02-02T23:14:34"}, "vulnersScore": 4.4}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/24403/", "sourceData": "source: http://www.securityfocus.com/bid/11013/info\r\n\r\nIt is reported that eGroupWare is susceptible to multiple cross-site scripting and HTML injection vulnerabilities.\r\n\r\nThe cross-site scripting issues present themselves in the various parameters of the 'addressbook' and 'calendar' modules. It is also reported that data input through the 'Search' fields of the 'addressbook', 'calendar', and 'search between projects' functionality are not sufficiently sanitized.\r\n\r\nAn attacker can exploit these issues for theft of cookie-based authentication credentials and other attacks.\r\n\r\nAdditionally HTML injection vulnerabilities are reported for the eGroupWare 'Messenger' module and 'Ticket' module.\r\n\r\nAttackers may potentially exploit these issues to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.\r\n\r\nhttp://www.example.com/egroupware/index.php?menuaction=calendar.uicalendar.day&date=20040701\"><script>alert(document.cookie)</script ", "osvdbidlist": ["9134"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:03", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.", "modified": "2017-07-11T01:31:00", "id": "CVE-2004-1467", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1467", "published": "2004-12-31T05:00:00", "title": "CVE-2004-1467", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:49:51", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-06.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54663", "id": "OPENVAS:54663", "title": "Gentoo Security Advisory GLSA 200409-06 (eGroupWare)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The eGroupWare software contains multiple cross site scripting\nvulnerabilities.\";\ntag_solution = \"All eGroupWare users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=www-apps/egroupware-1.0.00.004'\n # emerge '>=www-apps/egroupware-1.0.00.004'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=61510\nhttps://sourceforge.net/forum/forum.php?forum_id=401807\nhttp://www.securityfocus.com/archive/1/372603/2004-08-21/2004-08-27/0\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200409-06.\";\n\n \n\nif(description)\n{\n script_id(54663);\n script_cve_id(\"CVE-2004-1467\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200409-06 (eGroupWare)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/egroupware\", unaffected: make_list(\"ge 1.0.00.004\"), vulnerable: make_list(\"le 1.0.00.003\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "## Vulnerability Description\neGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"Subject\" variable upon submission to the Messenger Module script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.0.0.004 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\neGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"Subject\" variable upon submission to the Messenger Module script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.egroupware.org/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml)\nSecurity Tracker: 1011033\n[Secunia Advisory ID:12359](https://secuniaresearch.flexerasoftware.com/advisories/12359/)\n[Related OSVDB ID: 9138](https://vulners.com/osvdb/OSVDB:9138)\n[Related OSVDB ID: 9134](https://vulners.com/osvdb/OSVDB:9134)\n[Related OSVDB ID: 9135](https://vulners.com/osvdb/OSVDB:9135)\n[Related OSVDB ID: 9136](https://vulners.com/osvdb/OSVDB:9136)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0302.html\nISS X-Force ID: 17078\n[CVE-2004-1467](https://vulners.com/cve/CVE-2004-1467)\nBugtraq ID: 11013\n", "modified": "2004-08-21T07:59:32", "published": "2004-08-21T07:59:32", "href": "https://vulners.com/osvdb/OSVDB:9137", "id": "OSVDB:9137", "title": "eGroupWare Messenger Module Subject Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "## Vulnerability Description\neGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Field, Filter, QField, Start or search input variables upon submission to the Address Book Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.0.0.004 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\neGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Field, Filter, QField, Start or search input variables upon submission to the Address Book Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.egroupware.org/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml)\nSecurity Tracker: 1011033\n[Secunia Advisory ID:12359](https://secuniaresearch.flexerasoftware.com/advisories/12359/)\n[Related OSVDB ID: 9137](https://vulners.com/osvdb/OSVDB:9137)\n[Related OSVDB ID: 9138](https://vulners.com/osvdb/OSVDB:9138)\n[Related OSVDB ID: 9134](https://vulners.com/osvdb/OSVDB:9134)\n[Related OSVDB ID: 9135](https://vulners.com/osvdb/OSVDB:9135)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0302.html\nISS X-Force ID: 17078\n[CVE-2004-1467](https://vulners.com/cve/CVE-2004-1467)\nBugtraq ID: 11013\n", "modified": "2004-08-21T07:59:32", "published": "2004-08-21T07:59:32", "id": "OSVDB:9136", "href": "https://vulners.com/osvdb/OSVDB:9136", "title": "eGroupWare Address Book Module Multiple Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "## Vulnerability Description\neGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"date\" variable upon submission to the Calendar Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.0.0.004 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\neGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"date\" variable upon submission to the Calendar Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/egroupware/index.php?menuaction=calendar.uicalendar.day&date=20040701\"><script>alert(document.cookie)</script\n## References:\nVendor URL: http://www.egroupware.org/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml)\nSecurity Tracker: 1011033\n[Secunia Advisory ID:12359](https://secuniaresearch.flexerasoftware.com/advisories/12359/)\n[Related OSVDB ID: 9137](https://vulners.com/osvdb/OSVDB:9137)\n[Related OSVDB ID: 9138](https://vulners.com/osvdb/OSVDB:9138)\n[Related OSVDB ID: 9135](https://vulners.com/osvdb/OSVDB:9135)\n[Related OSVDB ID: 9136](https://vulners.com/osvdb/OSVDB:9136)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0302.html\nISS X-Force ID: 17078\n[CVE-2004-1467](https://vulners.com/cve/CVE-2004-1467)\nBugtraq ID: 11013\n", "modified": "2004-08-21T07:59:32", "published": "2004-08-21T07:59:32", "id": "OSVDB:9134", "href": "https://vulners.com/osvdb/OSVDB:9134", "title": "eGroupWare Calendar Module date Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "## Vulnerability Description\neGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"Subject\" variable upon submission to the Ticket Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.0.0.004 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\neGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"Subject\" variable upon submission to the Ticket Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.egroupware.org/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml)\nSecurity Tracker: 1011033\n[Secunia Advisory ID:12359](https://secuniaresearch.flexerasoftware.com/advisories/12359/)\n[Related OSVDB ID: 9137](https://vulners.com/osvdb/OSVDB:9137)\n[Related OSVDB ID: 9134](https://vulners.com/osvdb/OSVDB:9134)\n[Related OSVDB ID: 9135](https://vulners.com/osvdb/OSVDB:9135)\n[Related OSVDB ID: 9136](https://vulners.com/osvdb/OSVDB:9136)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0302.html\nISS X-Force ID: 17078\n[CVE-2004-1467](https://vulners.com/cve/CVE-2004-1467)\nBugtraq ID: 11013\n", "modified": "2004-08-21T07:59:32", "published": "2004-08-21T07:59:32", "id": "OSVDB:9138", "href": "https://vulners.com/osvdb/OSVDB:9138", "title": "eGroupWare Ticket Module Subject Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "description": "### Background\n\neGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. \n\n### Description\n\nJoxean Koret recently discovered multiple cross site scripting vulnerabilities in various modules for the eGroupWare suite. This includes the calendar, address book, messenger and ticket modules. \n\n### Impact\n\nThese vulnerabilities give an attacker the ability to inject and execute malicious script code, potentially compromising the victim's browser. \n\n### Workaround\n\nThere is no known workaround at this time. All users are encouraged to upgrade to the latest available version of eGroupWare. \n\n### Resolution\n\nAll eGroupWare users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=www-apps/egroupware-1.0.00.004\"\n # emerge \">=www-apps/egroupware-1.0.00.004\"", "modified": "2006-05-22T00:00:00", "published": "2004-09-02T00:00:00", "id": "GLSA-200409-06", "href": "https://security.gentoo.org/glsa/200409-06", "type": "gentoo", "title": "eGroupWare: Multiple XSS vulnerabilities", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-11-01T02:26:12", "bulletinFamily": "scanner", "description": "The remote version of eGroupware is vulnerable to a cross-site\nscripting attack. This could allow a remote attacker to steal the\ncookies of a legitimate user by tricking them into clicking a\nmaliciously crafted URL.\n\neGroupware reportedly has other cross-site scripting vulnerabilities,\nthough Nessus has not tested for those issues.", "modified": "2019-11-02T00:00:00", "id": "EGROUPWARE_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/14358", "published": "2004-08-23T00:00:00", "title": "eGroupWare <= 1.0.00.003 Multiple Module XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif(description)\n{\n script_id(14358);\n script_version(\"1.25\");\n script_cve_id(\"CVE-2004-1467\");\n script_bugtraq_id(11013);\n \n script_name(english:\"eGroupWare <= 1.0.00.003 Multiple Module XSS\");\n script_summary(english:\"Checks for the presence of an XSS bug in EGroupWare\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host has a cross-site\nscripting vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of eGroupware is vulnerable to a cross-site\nscripting attack. This could allow a remote attacker to steal the\ncookies of a legitimate user by tricking them into clicking a\nmaliciously crafted URL.\n\neGroupware reportedly has other cross-site scripting vulnerabilities,\nthough Nessus has not tested for those issues.\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/2004/Aug/306\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to eGroupware 1.0.0.004 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/08/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/08/21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencie(\"egroupware_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\nif(!can_host_php(port:port))exit(0);\nif ( get_kb_item(string(\"www/\", port, \"/generic_xss\")) ) exit(0);\n\nkb = get_kb_item(\"www/\" + port + \"/egroupware\");\nif ( ! kb ) exit(0);\nstuff = eregmatch(pattern:\"(.*) under (.*)\", string:kb);\nloc = stuff[2];\n\ntest_cgi_xss(port: port, dirs: make_list(loc), cgi: \"/index.php\",\n qs: \"menuaction=calendar.uicalendar.day&date=20040405<script>foo</script>\",\n pass_str: '<script>foo</script>');\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:40:12", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200409-06\n(eGroupWare: Multiple XSS vulnerabilities)\n\n Joxean Koret recently discovered multiple cross site scripting\n vulnerabilities in various modules for the eGroupWare suite. This\n includes the calendar, address book, messenger and ticket modules.\n \nImpact :\n\n These vulnerabilities give an attacker the ability to inject and\n execute malicious script code, potentially compromising the victim", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-200409-06.NASL", "href": "https://www.tenable.com/plugins/nessus/14653", "published": "2004-09-03T00:00:00", "title": "GLSA-200409-06 : eGroupWare: Multiple XSS vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200409-06.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14653);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:41\");\n\n script_cve_id(\"CVE-2004-1467\");\n script_xref(name:\"GLSA\", value:\"200409-06\");\n\n script_name(english:\"GLSA-200409-06 : eGroupWare: Multiple XSS vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200409-06\n(eGroupWare: Multiple XSS vulnerabilities)\n\n Joxean Koret recently discovered multiple cross site scripting\n vulnerabilities in various modules for the eGroupWare suite. This\n includes the calendar, address book, messenger and ticket modules.\n \nImpact :\n\n These vulnerabilities give an attacker the ability to inject and\n execute malicious script code, potentially compromising the victim's\n browser.\n \nWorkaround :\n\n There is no known workaround at this time. All users are encouraged to\n upgrade to the latest available version of eGroupWare.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/forum/forum.php?forum_id=401807\"\n );\n # http://www.securityfocus.com/archive/1/372603/2004-08-21/2004-08-27/0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/372603/2004-08-21/2004-08-27/0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200409-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All eGroupWare users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=www-apps/egroupware-1.0.00.004'\n # emerge '>=www-apps/egroupware-1.0.00.004'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:egroupware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/egroupware\", unaffected:make_list(\"ge 1.0.00.004\"), vulnerable:make_list(\"le 1.0.00.003\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"eGroupWare\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
