phpGroupWare index.php Calendar Date Variable XSS

2004-01-27T00:00:00
ID OSVDB:7600
Type osvdb
Reporter Cedric Cochin(cco@netvigilance.com)
Modified 2004-01-27T00:00:00

Description

Vulnerability Description

phpGroupWare contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "date" variable upon submission to the "index.php" script. This could allow an attacker to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 0.9.14.006 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/[phpgroupware_directory]/index.php?menuaction=calendar.uicalendar.planner

POST DATA: date="><script>alert(document.cookie)</script>
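The pattern behind this flaw, as an added illustration that is not phpGroupWare's own code: a hypothetical planner view that echoes the submitted "date" value into an input field's value attribute unvalidated and unencoded (so a value beginning with "> closes the attribute and tag and injects markup), beside a hardened version that accepts only a real YYYYMMDD date and HTML-encodes the output. The function and field names are assumptions.

```php
<?php
// Added example, not phpGroupWare code: a hypothetical planner view that
// reflects the submitted "date" value into an <input> attribute.

// Vulnerable pattern: the raw value is interpolated into a quoted attribute,
// so a value containing "> terminates the attribute and tag and the rest of
// the value is rendered as markup.
function render_date_field_vulnerable(string $date): string
{
    return '<input type="text" name="date" value="' . $date . '">';
}

// Hardened pattern, step 1: validate that the value is a real YYYYMMDD date
// and fall back to today's date if it is not.
function normalize_date(string $date): string
{
    if (preg_match('/^\d{8}$/', $date) === 1) {
        $parsed = DateTime::createFromFormat('Ymd', $date);
        // createFromFormat silently rolls over impossible dates such as
        // 20040231; comparing the round-trip rejects them.
        if ($parsed !== false && $parsed->format('Ymd') === $date) {
            return $date;
        }
    }
    return date('Ymd');
}

// Hardened pattern, step 2: HTML-encode on output with ENT_QUOTES so both
// quote characters are escaped even if the validation is relaxed later.
function render_date_field_hardened(string $date): string
{
    $safe = htmlspecialchars(normalize_date($date), ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="date" value="' . $safe . '">';
}

// Demonstration with the value from the testing notes above.
$payload = '"><script>alert(document.cookie)</script>';
echo render_date_field_vulnerable($payload), "\n"; // markup escapes the attribute
echo render_date_field_hardened($payload), "\n";   // rejected, today's date used
echo render_date_field_hardened('20040127'), "\n"; // valid date passes through
```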

References:

Vendor URL: http://www.phpgroupware.org/
Vendor Specific Advisory URL
Related OSVDB ID: 7603
Related OSVDB ID: 7602
Related OSVDB ID: 7601
Related OSVDB ID: 7604
Related OSVDB ID: 7599
CVE-2004-2574
Bugtraq ID: 12082