CVE-2023-38329
An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting (Reflected XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...
CVE-2023-38327
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response...
Information Exposure
Overview: egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to Information Exposure via the calendar/freebusy.php process. An attacker can obtain a li...
Cross-site Scripting (XSS)
Overview: egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the user parameter in the calendar/freebusy.php process. A...
PT-2025-29232 · Unknown · Egroupware
Name of the Vulnerable Software and Affected Versions: eGroupWare version 17.1.20190111. Description: An issue exists in eGroupWare that allows for the injection of arbitrary web script or HTML. The vulnerability is a cross-site scripting (XSS) of the Reflected type and is located in the...
CVE-2023-38329
The CVE-2023-38329 issue affects eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php where the 'user' parameter is reflected without sanitization. An unauthenticated remote attacker can inject arbitrary web script or HTML, with the docume...
EGroupware Security Vulnerability
EGroupware is an online office platform from EGroupware, Inc. A security vulnerability exists in EGroupware version 17.1.20190111, which stems from the presence of user enumeration in calendar/freebusy.php, which could allow an unauthenticated, remote attacker to enumerate web application users...
CVE-2023-38327
The CVE-2023-38327 issue affects eGroupWare version 17.1.20190111. Affected component is the calendar/freebusy.php endpoint, where an unauthenticated remote attacker can enumerate web application users based on server response. The vulnerability is a user enumeration flaw with a CVSS v3.1 base sc...
PT-2025-29231 · Unknown · Egroupware
Name of the Vulnerable Software and Affected Versions: eGroupWare version 17.1.20190111. Description: A user enumeration issue exists in eGroupWare. An unauthenticated remote attacker can enumerate users of web applications based on server response via the /calendar/freebusy.php API endpoint...
EGroupware Security Vulnerability
EGroupware is an online office platform from EGroupware, Inc. A security vulnerability exists in EGroupware version 17.1.20190111, which stems from the presence of reflective cross-site scripting in calendar/freebusy.php, which could allow an unauthenticated, remote attacker to inject arbitrary w...
CVE-2024-40614
EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajaxgetrows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting...
CVE-2023-38328
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password...
CVE-2010-3314
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2011-4951
Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter...
CVE-2011-4948
Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter...
CVE-2011-4950
Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...