CVE-2007-4048

EPSS 0.54%

phpgroupware - cross scripting vulnerability

Published: 7/30/2007Modified: 5/27/2026

Description

Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected packages (2)

Debian/phpgroupwarefrom 0, < 0.9.16.011-3lenny2
Debian/phpsysinfofrom 0, < 2.5.1-6.1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-4048