CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Egroupware: >> Egroupware >> 14.1.20140923 Security Vulnerabilities

CVE-2024-40614

EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting.

CVSS Score

9.8

EPSS Score

0.001

Published

2024-07-07

CVE-2017-14920

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

CVSS Score

6.1

EPSS Score

0.012

Published

2017-09-30

Page 1

Vulnerabilities

Vulnerable Software

Egroupware: >> Egroupware >> 14.1.20140923 Security Vulnerabilities

Products

Pricing

Contact Us