CVE-2023-38329 Information

Description

An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerability exists in calendar/freebusy.php which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the �ser\ HTTP/GET parameter which reflects its input without sanitization.

Reference

https://www.gruppotim.it/it/footer/red-team.html

Related CNNVD

CNNVD-202507-1646 (Published: 2025-07-11)