|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-06] eGroupWare: Multiple XSS vulnerabilities Vulnerability Scan
Vulnerability Scan Summary eGroupWare: Multiple XSS vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-06
(eGroupWare: Multiple XSS vulnerabilities)
Joxean Koret recently discovered multiple cross site scripting
vulnerabilities in various modules for the eGroupWare suite. This includes
the calendar, address book, messenger and ticket modules.
Impact
These vulnerabilities give a possible hacker the ability to inject and execute
malicious script code, potentially compromising the victim's browser.
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of eGroupWare.
References:
https://sourceforge.net/forum/forum.php?forum_id=401807
http://www.securityfocus.com/archive/1/372603/2004-08-21/2004-08-27/0
Solution:
All eGroupWare users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=www-apps/egroupware-1.0.00.004"
# emerge ">=www-apps/egroupware-1.0.00.004"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|