eGroupware Community Edition Stored XSS vulnerability
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Apr 25, 2024
Package
Affected versions
< 16.1.20170922
Patched versions
16.1.20170922
Description
Published by the National Vulnerability Database
Sep 30, 2017
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Apr 25, 2024
Last updated
Apr 25, 2024
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
References