CVE-2007-4048
phpgroupware - cross scripting vulnerability
EPSS 0.54%
Description
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
How to fix CVE-2007-4048
To remediate CVE-2007-4048, upgrade the affected package to a fixed version below.
- Debian/phpgroupware—upgrade to 0.9.16.011-3lenny2 or later
- Debian/phpsysinfo—upgrade to 2.5.1-6.1 or later
Is CVE-2007-4048 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.9.16.011-3lenny2
- from 0, < 2.5.1-6.1