icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHPGroupWare < 0.9.16.003 Wiki Module XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host appears to be running PHPGroupWare, a groupware system implemented in PHP. This version is reported to be vulnerable to a cross-site scripting issue in the Wiki module. An attacker may steal cookie-based authentication credentials from a legitimate user by sending a malformed link to this web site.

Solution

Upgrade to PHPGroupWare 0.9.16.003 or higher.