This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
several cross-site scripting vulnerabilities.
The version of PhpGroupWare on the remote host is reportedly affected
by HTML injection vulnerabilities that present themselves due to a
lack of sufficient input validation performed on form fields used by
A malicious attacker may exploit these issues to inject arbitrary HTML
and script code using these form fields that then may be incorporated
into dynamically-generated web content.
See also :
Update to version 0.9.16 RC3 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true