Multiple PHPGroupWare HTML Injection Vulnerabilities
The vendor has addressed this issue in phpGroupWare 0.9.14.005.
Mandrake has released an advisory (MDKSA-2003:077) that addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.
Conectiva has released an advisory (CLA-2003:697) that addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.
Debian has released advisory DSA 365-1 with fixes to address this issue. See referenced advisory for additional information.
Fixes are available:
PHPGroupWare PHPGroupWare 0.9.12
PHPGroupWare PHPGroupWare 0.9.13
PHPGroupWare PHPGroupWare 0.9.14 .003
MandrakeSoft Corporate Server 2.1
Mandriva Linux Mandrake 8.2 ppc
Mandriva Linux Mandrake 8.2
Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 9.1
Mandriva Linux Mandrake 9.1 ppc