WebApp Sec mailing list archives

XSS and hijacking vuln at phpgroupware


From: "Hokkaido" <hokkaido () serverart org>
Date: Mon, 22 Mar 2004 15:36:58 -0000


  In http://www.securityfocus.com/advisories/5677 we can find an advisory
about an XSS vulnerability in phpgroupware. It talks about html tags and script
injections, but I didn't find anything about session hijack.
  The raw way to see that is to copy the URL with SESSIONID while logged in and
paste it at another machine or a different browser.

  This post is from a newbie, so comments, corrections, advice, flames are
really welcome.

--  This mail is for the list only. Find me at hokkaido () hush com
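
A defender-side check for the behaviour described in the post, added here as an example and not part of the original message: it scans web server access logs for a URL-carried session token that is used by more than one client. The parameter name `sessionid`, the Apache combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache/NCSA combined log format: ip, timestamp, request line, status, size, referer, user-agent
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
SESSION_PARAM = "sessionid"  # assumption: query parameter that carries the session token

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Mar/2004:15:01:02 +0000] "GET /index.php?sessionid=aaa111 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux) Firefox/0.8"
192.0.2.10 - - [22/Mar/2004:15:02:10 +0000] "GET /email/index.php?sessionid=aaa111 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux) Firefox/0.8"
198.51.100.7 - - [22/Mar/2004:15:05:44 +0000] "GET /email/index.php?sessionid=aaa111 HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.5 - - [22/Mar/2004:15:06:00 +0000] "GET /index.php?sessionid=bbb222 HTTP/1.1" 200 5120 "-" "Opera/7.23"
203.0.113.5 - - [22/Mar/2004:15:07:30 +0000] "GET /calendar/index.php?sessionid=bbb222 HTTP/1.1" 200 900 "-" "Opera/7.23"
"""

def session_from_url(url):
    """Return the session token found in a URL's query string, or None."""
    values = parse_qs(urlsplit(url).query).get(SESSION_PARAM)
    return values[0] if values else None

def find_shared_sessions(log_text):
    """Return {token: [(ip, user_agent), ...]} for tokens seen from more than one client."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        sid = session_from_url(m["target"])
        if sid:
            clients[sid].add((m["ip"], m["ua"]))
    return {sid: sorted(c) for sid, c in clients.items() if len(c) > 1}

if __name__ == "__main__":
    for sid, seen in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used by {len(seen)} distinct clients:")
        for ip, ua in seen:
            print(f"  {ip}  {ua}")
```

A client whose address changes mid-session (proxy pools, mobile networks) will also be flagged, so treat a hit as a lead to review rather than proof of hijacking.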


