DSA-2013-1 egroupware -- severalID: oval:org.secpod.oval:def:600123 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page. For the stable distribution , these problems have been fixed in version 1.4.004-2.dfsg-4.2. The upcoming stable distribution , no longer contains egroupware packages. We recommend that you upgrade your egroupware packages.