Packet Storm | Marcos Garcia | PACKETSTORM:111626 | Apr 06, 2012

Egroupware 1.8.002 Cross Site Scripting

Source: packetstormsecurity.com
EPSS: 0.002 (percentile: 57.3%)

`Egroupware v1.8.002 (process_exec.php) Reflected Cross-Site Scripting (XSS)  
Google Dork: inurl:etemplate/process_exec.php  
Title: Egroupware v1.8.002 (process_exec.php) Remote XSS Vulnerability  
Type: Remote  
Author: Marcos Garcia  
Severity: Medium – CVSS: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Impact: Direct execution of arbitrary code in the context of Webserver user.  
Release Date: 05.04.2012  
Release mode: Coordinated release  
  
Summary  
=======  
  
EGroupware is free, open source groupware intended for businesses  
ranging from small companies to enterprises. Its primary functions allow  
users to manage contacts, appointments, projects and to-do lists.  
  
Description  
===========  
  
A reflected Cross Site Scripting vulnerability was found in  
EGroupware because the application fails to sanitize user-supplied  
input in the menuaction GET parameter of etemplate/process_exec.php.  
The vulnerability can be triggered by any user.  
  
--------------------------------------------------------------------------------  
  
Detecting vulnerabilities  
- /var/www/egroupware/etemplate:13  
list($app) = explode('.',$_GET['menuaction']);  
  
--------------------------------------------------------------------------------  
  
Vendor  
======  
  
Egroupware - http://www.egroupware.org/  
  
  
Affected Version  
================  
  
1.8.002  
  
PoC  
===  
- /var/www/egroupware/etemplate:13  
list($app) = explode('.',$_GET['menuaction']);  
  
Attack: menuaction=[XSS] (GET)  
http://host/egroupware/etemplate/process_exec.php?menuaction=TEST<script>alert(123)</script>  
  
  
Credits  
=======  
  
Vulnerability discovered by Marcos Garcia (@artsweb).  
  
Solution  
========  
  
Upgrade to Egroupware v1.8.004 (http://www.egroupware.org)  
  
Vendor Status  
=============  
  
[24.03.2012] Vulnerability discovered.  
[24.03.2012] Vendor informed.  
[29.03.2012] Asked vendor for status.  
[29.03.2012] Vendor replied.  
[01.04.2012] Vendor reveals patch release date.  
[05.04.2012] Public advisory.  
  
Changelog  
=========  
  
[05.04.2012] - Initial release  
`
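
For sites that cannot upgrade immediately, the sketch below shows strict validation plus output encoding for the `menuaction` value that the advisory's source line splits on `.`. It is an added example, not EGroupware code and not the vendor's patch; the `app.class.method` shape of the value, the helper names `parse_menuaction()` and `h()`, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not EGroupware code. Assumption: a legitimate menuaction
// is three dot-separated identifiers ("app.class.method").

/**
 * Parse a menuaction value strictly.
 * Returns the three parts, or null for anything that does not match.
 */
function parse_menuaction($raw): ?array
{
    if (!is_string($raw)) {
        // ?menuaction[]=x arrives as an array, not a string.
        return null;
    }
    // \A ... \z anchors the whole value; "$" would tolerate a trailing newline.
    $id = '[a-z][a-z0-9_]*';
    if (!preg_match("/\\A($id)\\.($id)\\.($id)\\z/i", $raw, $m)) {
        return null;
    }
    return ['app' => $m[1], 'class' => $m[2], 'method' => $m[3]];
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs; the second is the PoC value quoted in the advisory.
$samples = [
    'myapp.myapp_ui.index',
    'TEST<script>alert(123)</script>',
    "myapp.myapp_ui.index\n",
    ['array', 'input'],
];

foreach ($samples as $raw) {
    $parsed = parse_menuaction($raw);
    if ($parsed === null) {
        // Reject the request; encode the raw value if it is echoed in an error.
        $shown = is_string($raw) ? h($raw) : '(non-string)';
        echo "rejected: {$shown}\n";
    } else {
        // Encode on output even after validation (defence in depth).
        echo 'accepted: app=' . h($parsed['app']) . "\n";
    }
}
```

Validation alone stops this particular payload, but encoding at the point of output is what keeps the value inert if the accepted character set is ever widened.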
