|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] phpGroupWare Cross-Site Scripting Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Jul 03 2003 - 07:12:43 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
phpGroupWare Cross-Site Scripting Vulnerabilities
READ ONLINE:
http://www.secunia.com/advisories/9172/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
phpGroupWare 0.x
DESCRIPTION:
Multiple vulnerabilities have been reported in phpGroupWare, which
can be exploited by malicious people to conduct Cross-Site Scripting
attacks against other users.
The vulnerabilities are caused due to input validation errors in all
modules containing forms, which can be exploited by supplying script
code to the various fields. The script code will be executed in a
user's browser session, when a malicious entry is viewed.
Successful exploitation can result in disclosure of various
information (eg. cookie-based authentication information) associated
with the site running phpGroupWare or inclusion of malicious content,
which the user thinks is part of the real website.
The vulnerabilities have been reported in version 0.9.14.003.
However, prior versions may also be affected.
SOLUTION:
Reportedly, this will be fixed in the upcoming version 0.9.16:
http://www.phpgroupware.org/
Filter malicious characters in a HTTP proxy or firewall with URL
filtering capabilities.
REPORTED BY / CREDITS:
François Sorin
ORIGINAL ADVISORY:
http://www.security-corporation.com/articles-20030702-005.html
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]