EGroupware mishandles an ORDER BY clause
EGroupware before 23.1.20240624 mishandles an ORDER BY clause.
EGroupware before 23.1.20240624 mishandles an ORDER BY clause.
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.
A Stored XSS vulnerability in eGroupware Community Edition allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.