CVE-2005-0870
egroupware - programming errors
EPSS 11.7%
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
How to fix CVE-2005-0870
To remediate CVE-2005-0870, upgrade each affected package to the fixed version listed below or later.
- Debian/egroupware—upgrade to 1.0.0.007-2.dfsg-2sarge4 or later
- Debian/phpgroupware—upgrade to 0.9.14-0.RC3.2.woody5 or later
- —upgrade to 2.3-7 or later
- —upgrade to 2.0-3woody2 or later
- —upgrade to 2.0-3woody3 or later
Is CVE-2005-0870 being exploited?
Moderate: EPSS is 11.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (5)
- from 0, < 1.0.0.007-2.dfsg-2sarge4
- from 0, < 0.9.14-0.RC3.2.woody5
- from 0, < 2.3-7
- from 0, < 2.0-3woody2
- from 0, < 2.0-3woody3