eGroupware Cross Site Scripting and Remote Command Execution Vulnerabilities

eGroupware Cross Site Scripting and Remote Command Execution Vulnerabilities

eGroupware is prone to a cross-site scripting vulnerability and a remote command-execution vulnerability.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

An attacker can exploit the remote command-execution issue to execute arbitrary shell commands in the context of the webserver process.

Versions prior to eGroupware 1.6.003 are vulnerable.