Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026
CVE-2004-2574
CVE-2004-2574
Description
Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*range: <=0.9.16.005
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
- (no CPE)range: <=0.9.14.005
Patches
Vulnerability mechanics
References
2- www.osvdb.org/7600nvdExploit
- www.securityfocus.com/bid/12082nvdExploitPatch
News mentions
0No linked articles in our index yet.