CVE-2004-0875 | Vulnerability Database | Aqua Security

Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.

Affected Software

Name	Vendor	Start Version	End Version
Phpgroupware	Phpgroupware	0.9.12 (including)	0.9.12 (including)
Phpgroupware	Phpgroupware	0.9.13 (including)	0.9.13 (including)
Phpgroupware	Phpgroupware	0.9.14.003 (including)	0.9.14.003 (including)
Phpgroupware	Phpgroupware	0.9.14.005 (including)	0.9.14.005 (including)
Phpgroupware	Phpgroupware	0.9.14.006 (including)	0.9.14.006 (including)
Phpgroupware	Phpgroupware	0.9.14.007 (including)	0.9.14.007 (including)
Phpgroupware	Phpgroupware	0.9.16.000 (including)	0.9.16.000 (including)
Phpgroupware	Phpgroupware	0.9.16.002 (including)	0.9.16.002 (including)
Phpgroupware	Phpgroupware	0.9.16_rc1 (including)	0.9.16_rc1 (including)

References

http://downloads.phpgroupware.org/changelog
http://www.gentoo.org/security/en/glsa/glsa-200409-22.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/17289

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0875
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html