CVE-2004-1384 | Vulnerability Database | Aqua Security

Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.

Affected Software

Name	Vendor	Start Version	End Version
Phpgroupware	Phpgroupware	0.9.12 (including)	0.9.12 (including)
Phpgroupware	Phpgroupware	0.9.13 (including)	0.9.13 (including)
Phpgroupware	Phpgroupware	0.9.14 (including)	0.9.14 (including)
Phpgroupware	Phpgroupware	0.9.14.003 (including)	0.9.14.003 (including)
Phpgroupware	Phpgroupware	0.9.14.005 (including)	0.9.14.005 (including)
Phpgroupware	Phpgroupware	0.9.14.006 (including)	0.9.14.006 (including)
Phpgroupware	Phpgroupware	0.9.14.007 (including)	0.9.14.007 (including)
Phpgroupware	Phpgroupware	0.9.16.000 (including)	0.9.16.000 (including)
Phpgroupware	Phpgroupware	0.9.16.002 (including)	0.9.16.002 (including)
Phpgroupware	Phpgroupware	0.9.16.003 (including)	0.9.16.003 (including)
Phpgroupware	Phpgroupware	0.9.16_rc1 (including)	0.9.16_rc1 (including)
Phpgroupware	Ubuntu	dapper	*
Phpgroupware	Ubuntu	devel	*
Phpgroupware	Ubuntu	edgy	*
Phpgroupware	Ubuntu	feisty	*

References

http://marc.info/?l=bugtraq\u0026m=110312656029072\u0026w=2
http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
http://www.gulftech.org/?node=research\u0026article_id=00054-12142004
http://www.securityfocus.com/bid/11952
https://exchange.xforce.ibmcloud.com/vulnerabilities/18496
http://marc.info/?l=bugtraq\u0026m=110312656029072\u0026w=2
http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
http://www.gulftech.org/?node=research\u0026article_id=00054-12142004
http://www.securityfocus.com/bid/11952
https://exchange.xforce.ibmcloud.com/vulnerabilities/18496

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1384
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html