Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Groove | Groove Workspace | <= 2.5n_build_1871 |
| Groove | Virtual Office | <= 3.1_build_2338 |
References
- http://secunia.com/advisories/15421PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/372618Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/514386Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/JGEI-6BCRCCThird Party AdvisoryUS Government Resource
- http://secunia.com/advisories/15421PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/372618Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/514386Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/JGEI-6BCRCCThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2005-1676?
CVE-2005-1676 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow...
How severe is CVE-2005-1676?
CVE-2005-1676 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1676?
Check the references section above for vendor advisories and patch information. Affected products include: Groove Groove Workspace, Groove Virtual Office.