source: https://www.securityfocus.com/bid/12082/info
PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user.
http://[target]/[phpgroupware_directory]/index.php?menuaction=calendar.uicalendar.planner
POST DATA: date="><script>alert(document.cookie)</script>
