CVE-2009-4416

Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
phpgroupwarephpgroupware
0.9.16.12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpgroupware
oneiric
dne
natty
dne
maverick
dne
lucid
not-affected
karmic
Fixed 1:0.9.16.012+dfsg-8+lenny1build0.9.10.1
released
jaunty
Fixed 1:0.9.16.012+dfsg-8+lenny1build0.9.04.1
released
intrepid
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch
http://secunia.com/advisories/35519
http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063&r2=19117&pathrev=19117&sortby=date&root=phpgroupware
http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045&r2=19117&pathrev=19117&sortby=date&root=phpgroupware
http://svn.savannah.gnu.org/viewvc?view=rev&root=phpgroupware&sortby=date&revision=19117
http://www.openwall.com/lists/oss-security/2009/12/20/1
http://www.osvdb.org/56179
http://www.securityfocus.com/bid/35761
https://exchange.xforce.ibmcloud.com/vulnerabilities/51923
http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch
http://secunia.com/advisories/35519
http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063&r2=19117&pathrev=19117&sortby=date&root=phpgroupware
http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045&r2=19117&pathrev=19117&sortby=date&root=phpgroupware
http://svn.savannah.gnu.org/viewvc?view=rev&root=phpgroupware&sortby=date&revision=19117
http://www.openwall.com/lists/oss-security/2009/12/20/1
http://www.osvdb.org/56179
http://www.securityfocus.com/bid/35761
https://exchange.xforce.ibmcloud.com/vulnerabilities/51923