CVE-2023-38329

MEDIUM EPSS 14.7%

Published Jul 11, 202511mo ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published Jul 11, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without sanitization.

CVSS Details

Base Score

6.1

Exploitability

2.8

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

14.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor	Product	Version	Range
egroupware	egroupware	17.1.20190111	any

References 1

gruppotim.it https://www.gruppotim.it/it/footer/red-team.html

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.