Debian DSA-2013-1 : egroupware - several vulnerabilities
High Nessus Plugin ID 45055
SynopsisThe remote Debian host is missing a security-related update.
DescriptionNahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page.
SolutionUpgrade the egroupware packages.
For the stable distribution (lenny), these problems have been fixed in version 1.4.004-2.dfsg-4.2.
The upcoming stable distribution (squeeze), no longer contains egroupware packages.