phpGroupWare: XSS vulnerability in wiki module — GLSA 200409-22

The phpGroupWare software contains a cross site scripting vulnerability in the wiki module.

Affected Packages

www-apps/phpgroupware on all architectures
Affected versions < 0.9.16.003
Unaffected versions >= 0.9.16.003

Background

phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager.

Description

Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks.

Impact

This vulnerability gives an attacker the ability to inject and execute malicious script code, potentially compromising the victim's browser.

Workaround

The is no known workaround at this time.

Resolution

All phpGroupWare users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=www-apps/phpgroupware-0.9.16.003"
 # emerge ">=www-apps/phpgroupware-0.9.16.003"

References

Release Date
September 16, 2004

Latest Revision
May 22, 2006: 02

Severity
normal

Exploitable
remote

Bugzilla entries