https://www.exploit-db.com/exploits/25434
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-571

eGroupware的1.0.0.007之前版本存在多个跨站脚本攻击漏洞，远程攻击者可以通过传到index.php的(1)ab_id，(2)page，(3)type或(4)lang参数，或(5)category_id参数来注入任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/13212/info

eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available.

The issues arise due to a failure of the application to properly validate user-supplied input. These issues result in cross-site scripting and SQL injection attacks. 

http://egroupware/index.php?menuaction=addressbook.uiaddressbook.edit&ab_id=11[XSS]
http://egroupware/index.php?menuaction=manual.uimanual.view&page=ManualAddressbook[XSS]
http://egroupware/index.php?menuaction=forum.uiforum.post&type=new[XSS]
http://egroupware/wiki/index.php?page=RecentChanges[XSS]
http://egroupware/wiki/index.php?action=history&page=WikkiTikkiTavi&lang=en[XSS]
http://egroupware/index.php?menuaction=wiki.uiwiki.edit&page=setup[XSS]

来源:BID
名称:13212
链接:http://www.securityfocus.com/bid/13212
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=320768
来源:GENTOO
名称:GLSA-200504-24
链接:http://security.gentoo.org/glsa/glsa-200504-24.xml
来源:SECUNIA
名称:14982
链接:http://secunia.com/advisories/14982
来源:OSVDB
名称:15751
链接:http://www.osvdb.org/15751
来源:MISC
链接:http://www.gulftech.org/?node=research&article;_id=00069-04202005
来源:BUGTRAQ
名称:20050420MultipleeGroupwareVulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111401760125555&w;=2