{"id":"CVE-2023-38329","details":"An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the \"user\" HTTP/GET parameter, which reflects its input without sanitization.","modified":"2026-04-10T04:59:41.729420Z","published":"2025-07-11T15:15:23.893Z","references":[{"type":"ADVISORY","url":"https://www.gruppotim.it/it/footer/red-team.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/egroupware/egroupware","events":[{"introduced":"0"},{"last_affected":"f17b71db49602b78b192397255439f8ba88284c3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"17.1.20190111"}]}}],"versions":["16.1.20160603","17.1.20171023","17.1.20171106","17.1.20171115","17.1.20171129","17.1.20171130","17.1.20180118","17.1.20180209","17.1.20180321","17.1.20180413","17.1.20180523","17.1.20180625","17.1.20180720","17.1.20180831","17.1.20181018","17.1.20181205","17.1.20190111"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38329.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}