eGroupware Cross Site Scripting and Remote Command Execution Vulnerabilities
eGroupware is prone to a cross-site scripting vulnerability and a remote command-execution vulnerability.
An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
An attacker can exploit the remote command-execution issue to execute arbitrary shell commands in the context of the web server process.
Versions prior to eGroupware 1.6.003 are vulnerable.