CVE-2010-3314
Description
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
eGroupWare 1.6.002 and eGroupWare premium line 9.1 - Multiple Vulnerabilities
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| egroupware | egroupware | 1.4.001 | |
| egroupware | egroupware | 1.4.001\+.002 | |
| egroupware | egroupware | 1.4.002 | |
| egroupware | egroupware | 1.6.001 | |
| egroupware | egroupware | 1.6.001\+.002 | |
| egroupware | egroupware | 1.6.002 | |
| egroupware | egroupware | 9.1 | |
| egroupware | egroupware | 9.2 | |
References
- http://www.debian.org/security/2010/dsa-2013
- http://www.egroupware.org/news?item=93
- http://www.exploit-db.com/exploits/11777/
- http://www.openwall.com/lists/oss-security/2010/09/21/7
- http://www.debian.org/security/2010/dsa-2013
- http://www.egroupware.org/news?item=93
- http://www.exploit-db.com/exploits/11777/
- http://www.openwall.com/lists/oss-security/2010/09/21/7
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.