VulnerableCode Package Details - pkg:ebuild/www-apps/egroupware@1.4.004

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:ebuild/www-apps/egroupware@1.4.004

Essentials
History (2)

purl	pkg:ebuild/www-apps/egroupware@1.4.004

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-ba3v-4d8e-mfgx	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.	CVE-2008-1502 GHSA-v759-3wr5-p294
VCID-zsh3-98k8-1ycj	Multiple vulnerabilities in eGroupWare may lead to execution of arbitrary PHP code, the ability to upload malicious files and cross-site scripting attacks.	CVE-2008-2041

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:12:07.712222+00:00	Gentoo Importer	Fixing	VCID-zsh3-98k8-1ycj	https://security.gentoo.org/glsa/200805-04	38.0.0
2026-04-01T13:12:07.700286+00:00	Gentoo Importer	Fixing	VCID-ba3v-4d8e-mfgx	https://security.gentoo.org/glsa/200805-04	38.0.0