EGroupware multiple vulnerabilities (CVE-2010-3313, CVE-2010-3314)

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

EGroupware is prone to multiple vulnerabilities.

Risk description

1. Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002, 1.6.001+.002 and possibly other versions before 1.6.003 and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

2. phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002, 1.6.001+.002 and possibly other versions before 1.6.003 and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.

Recommendation

Vendor updates are available. Please see the references for details.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 22, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available