PublicDate: 2007-09-26 20:17:00 UTC
Candidate: CVE-2007-5091
References: 
 https://bugs.launchpad.net/ubuntu/+source/egroupware/+bug/151492
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5091
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001
 allow remote attackers to inject arbitrary web script or HTML via the
 cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php
 and (2) admin/inc/class.uicategories.inc.php.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by:
Assigned-to: 
CVSS: 
upstream_egroupware: released (1.4.002)
dapper_egroupware: ignored (reached end-of-life)
edgy_egroupware: needed (reached end-of-life)
feisty_egroupware: needed (reached end-of-life)
gutsy_egroupware: released (1.2.107-2.dfsg-2)
hardy_egroupware: released (1.2.107-2.dfsg-2)
intrepid_egroupware: released (1.2.107-2.dfsg-2)
jaunty_egroupware: released (1.2.107-2.dfsg-2)
karmic_egroupware: released (1.2.107-2.dfsg-2)
devel_egroupware: released (1.2.107-2.dfsg-2)