CVE-2009-4416

EUVD-2009-4383
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
phpgroupwarephpgroupware
0.9.16.12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpgroupware
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
Fixed 1:0.9.16.012+dfsg-8+lenny1build0.9.04.1
released
karmic
Fixed 1:0.9.16.012+dfsg-8+lenny1build0.9.10.1
released
lucid
not-affected
maverick
dne
natty
dne
oneiric
dne
Common Weakness Enumeration
References
http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch
http://secunia.com/advisories/35519
http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063&r2=19117&pathrev=19117&sortby=date&root=phpgroupware
http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045&r2=19117&pathrev=19117&sortby=date&root=phpgroupware
http://svn.savannah.gnu.org/viewvc?view=rev&root=phpgroupware&sortby=date&revision=19117
http://www.openwall.com/lists/oss-security/2009/12/20/1
http://www.osvdb.org/56179
http://www.securityfocus.com/bid/35761
https://exchange.xforce.ibmcloud.com/vulnerabilities/51923
http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch
http://secunia.com/advisories/35519
http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063&r2=19117&pathrev=19117&sortby=date&root=phpgroupware
http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045&r2=19117&pathrev=19117&sortby=date&root=phpgroupware
http://svn.savannah.gnu.org/viewvc?view=rev&root=phpgroupware&sortby=date&revision=19117
http://www.openwall.com/lists/oss-security/2009/12/20/1
http://www.osvdb.org/56179
http://www.securityfocus.com/bid/35761
https://exchange.xforce.ibmcloud.com/vulnerabilities/51923