Vulnerability Name:

CVE-2004-1384 (CCN-18496)

Assigned:2004-12-15
Published:2004-12-15
Updated:2017-07-11
Summary:Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Dec 14 2004 - 21:15:17 CST
Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]

Source: MITRE
Type: CNA
CVE-2004-1384

Source: BUGTRAQ
Type: UNKNOWN
20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]

Source: CCN
Type: GLSA-200501-08
phpGroupWare: Various vulnerabilities

Source: GENTOO
Type: Patch
GLSA-200501-08

Source: MISC
Type: Exploit
http://www.gulftech.org/?node=research&article_id=00054-12142004

Source: CCN
Type: OSVDB ID: 12393
phpGroupWare index.php Multiple Parameter XSS

Source: CCN
Type: OSVDB ID: 12394
phpGroupWare viewticket_details.php ticket_id Parameter XSS

Source: BID
Type: Exploit, Patch
11952

Source: CCN
Type: BID-11952
PHPGroupWare Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

Source: XF
Type: UNKNOWN
phpgroupware-index-multiple-xss(18496)

Source: XF
Type: UNKNOWN
phpgroupware-index-preferences-xss(18496)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpgroupware:phpgroupware:0.9.12:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14.003:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14.005:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14.006:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14.007:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.16_rc1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    phpgroupware phpgroupware 0.9.12
    phpgroupware phpgroupware 0.9.13
    phpgroupware phpgroupware 0.9.14
    phpgroupware phpgroupware 0.9.14.003
    phpgroupware phpgroupware 0.9.14.005
    phpgroupware phpgroupware 0.9.14.006
    phpgroupware phpgroupware 0.9.14.007
    phpgroupware phpgroupware 0.9.16.000
    phpgroupware phpgroupware 0.9.16.002
    phpgroupware phpgroupware 0.9.16.003
    phpgroupware phpgroupware 0.9.16_rc1