Lucene search

330 matches found

OSV
added 2025/07/11 3:15 p.m. · 3 views

CVE-2023-38329

An issue was discovered in eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...

6.1 CVSS · 6 AI score
Exploits 0 · References 1
OSV
added 2025/07/11 3:15 p.m. · 3 views

CVE-2023-38327

An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response...

5.3 CVSS · 7.2 AI score
Exploits 0 · References 1
Snyk
added 2025/07/11 2:46 p.m. · 3 views

Information Exposure

Overview: egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to Information Exposure via the calendar/freebusy.php process. An attacker can obtain a li...

6.9 CVSS · 6.9 AI score · 0.00301 EPSS
Exploits 0 · References 2
Snyk
added 2025/07/11 2:45 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the user parameter in the calendar/freebusy.php process. A...

6.1 CVSS · 5.5 AI score · 0.00238 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/07/11 12:0 a.m. · 3 views

PT-2025-29232 · Unknown · Egroupware

Name of the Vulnerable Software and Affected Versions: eGroupWare version 17.1.20190111
Description: An issue exists in eGroupWare that allows for the injection of arbitrary web script or HTML. The vulnerability is a cross-site scripting (XSS) of the Reflected type and is located in the...

6.1 CVSS · 5.9 AI score · 0.00238 EPSS
Exploits 0 · References 4
CVE
added 2025/07/11 12:0 a.m. · 23 views

CVE-2023-38329

The CVE-2023-38329 issue affects eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php where the 'user' parameter is reflected without sanitization. An unauthenticated remote attacker can inject arbitrary web script or HTML, with the docume...

6.1 CVSS · 6 AI score · 0.00238 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2025/07/11 12:0 a.m. · 4 views

CVE-2023-38327

An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response...

6.7 AI score · 0.00301 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/07/11 12:0 a.m. · 4 views

CVE-2023-38329

An issue was discovered in eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...

5.6 AI score · 0.00238 EPSS
Exploits 0 · References 1
Cvelist
added 2025/07/11 12:0 a.m. · 8 views

CVE-2023-38329

An issue was discovered in eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...

0.00238 EPSS
Exploits 0 · References 1
CNNVD
added 2025/07/11 12:0 a.m. · 2 views

EGroupware Security Vulnerability

EGroupware is an online office platform from EGroupware, Inc. A security vulnerability exists in EGroupware version 17.1.20190111, which stems from the presence of user enumeration in calendar/freebusy.php, which could allow an unauthenticated, remote attacker to enumerate web application users...

5.3 CVSS · 6.6 AI score · 0.00301 EPSS
Exploits 0 · References 2
CVE
added 2025/07/11 12:0 a.m. · 23 views

CVE-2023-38327

The CVE-2023-38327 issue affects eGroupWare version 17.1.20190111. Affected component is the calendar/freebusy.php endpoint, where an unauthenticated remote attacker can enumerate web application users based on server response. The vulnerability is a user enumeration flaw with a CVSS v3.1 base sc...

5.3 CVSS · 7.3 AI score · 0.00301 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/07/11 12:0 a.m. · 5 views

PT-2025-29231 · Unknown · Egroupware

Name of the Vulnerable Software and Affected Versions: eGroupWare version 17.1.20190111
Description: A user enumeration issue exists in eGroupWare. An unauthenticated remote attacker can enumerate users of web applications based on server response via the /calendar/freebusy.php API endpoint...

5.3 CVSS · 6.4 AI score · 0.00301 EPSS
Exploits 0 · References 4
Cvelist
added 2025/07/11 12:0 a.m. · 9 views

CVE-2023-38327

An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response...

0.00301 EPSS
Exploits 0 · References 1
CNNVD
added 2025/07/11 12:0 a.m. · 4 views

EGroupware Security Vulnerability

EGroupware is an online office platform from EGroupware, Inc. A security vulnerability exists in EGroupware version 17.1.20190111, which stems from the presence of reflective cross-site scripting in calendar/freebusy.php, which could allow an unauthenticated, remote attacker to inject arbitrary w...

6.1 CVSS · 5.9 AI score · 0.00238 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 7:32 a.m. · 9 views

CVE-2024-40614

EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajaxgetrows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting...

9.8 CVSS · 7.7 AI score · 0.00678 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 4:7 a.m. · 8 views

CVE-2023-38328

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password...

4.9 CVSS · 6.6 AI score · 0.00578 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 12:41 p.m. · 10 views

CVE-2010-3314

Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

4.3 CVSS · 5.9 AI score · 0.03398 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 9:49 a.m. · 12 views

CVE-2011-4951

Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter...

5.8 CVSS · 7 AI score · 0.01491 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 9:49 a.m. · 8 views

CVE-2011-4948

Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter...

5 CVSS · 7 AI score · 0.02263 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 9:48 a.m. · 7 views

CVE-2011-4950

Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

4.3 CVSS · 5.9 AI score · 0.01411 EPSS
Exploits 1 · References 1