* Peter Eisentraut:
> tags 435937 + unreproducible
> stop
>
> Florian Weimer wrote:
>> Package: egroupware-phpsysinfo
>> Version: 1.2.106-2.dfsg-3
>> Tags: security
>>
>> An XSS vulnerability in phpsysinfo has been disclosed:
>>
>> <http://example.com/phpsysinfo-path/index.php/XSS>
>>
>> This is CVE-2007-4048. Please mention this name in the changelog
>> when fixing this bug.
>
> I can't reproduce this with egroupware.

Have you set $hide_picklist to true? The code in
phpsysinfo/includes/system_footer.php looks vulnerable to me:

    if (!$hide_picklist) {
        echo "<center>";
        $update_form = "<form method=\"POST\" action=\"" . $_SERVER['PHP_SELF'] .
            "\">\n" . "\t" . $text['template'] . ": \n" .
            "\t<select name=\"template\">\n";
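
The pattern quoted from system_footer.php next to an escaped variant, as an added example that is not part of the original message and is not phpsysinfo code. The function names, the 'Template' label and the sample PHP_SELF value are constructed for illustration.

```php
<?php
// Added example, not phpsysinfo code. Function names are hypothetical.

// Pattern from the quoted excerpt: PHP_SELF is concatenated into the
// action attribute unescaped. PHP_SELF includes any path info that
// follows the script name, so the request URL controls part of it.
function form_open_unescaped(array $server, string $label): string
{
    return "<form method=\"POST\" action=\"" . $server['PHP_SELF'] . "\">\n"
         . "\t" . $label . ": \n"
         . "\t<select name=\"template\">\n";
}

// Escaped variant: encode the value for an HTML attribute context.
// ENT_QUOTES encodes both quote styles, so the value cannot close
// the attribute or open a new tag.
function form_open_escaped(array $server, string $label): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return "<form method=\"POST\" action=\"" . $action . "\">\n"
         . "\t" . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . ": \n"
         . "\t<select name=\"template\">\n";
}

// Check: the <form> tag must end directly after the closing quote of
// the action attribute, with no quote or angle bracket inside it.
function form_tag_is_intact(string $html): bool
{
    return preg_match('/^<form method="POST" action="[^"<>]*">\n/', $html) === 1;
}

// Constructed sample: script path followed by path info that carries
// HTML metacharacters and a harmless <i> marker.
$server = ['PHP_SELF' => '/phpsysinfo/index.php/"><i>marker</i>'];

foreach (['unescaped' => 'form_open_unescaped',
          'escaped'   => 'form_open_escaped'] as $name => $build) {
    $html = $build($server, 'Template');
    echo $name, ": form tag intact = ",
         var_export(form_tag_is_intact($html), true), "\n";
    echo $html, "\n";
}
```

Using $_SERVER['SCRIPT_NAME'] instead of PHP_SELF also drops the path info from the value, but the output should still be escaped.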