VYPR

Egroupware

by Egroupware

Source repositories

CVEs (25)

  • CVE-2007-5091Sep 26, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.

  • CVE-2007-3154Jun 11, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.

  • CVE-2007-3155Jun 11, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.

  • CVE-2005-3348Nov 18, 2005
    risk 0.00cvss epss 0.02

    HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

  • CVE-2005-1129May 2, 2005
    risk 0.00cvss epss 0.00

    eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.

Page 2 of 2