Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0273

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0273
Last Modified 05 Feb 2009 01:53:26
Published 02 Feb 2009 05:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0273

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.

Vulnerable Systems

Application

  • Novell Groupwise 6.5

  • Novell Groupwise 7.0

  • Novell Groupwise 7.01

  • Novell Groupwise 7.02x

  • Novell Groupwise 7.03

  • Novell Groupwise 8.0


References

BID - 33541

BID - 33537

BUGTRAQ - 20090130 PR08-23: XSS on Novell GroupWise WebAccess

BUGTRAQ - 20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess

MISC - http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23

MISC - http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22

CONFIRM - http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321

CONFIRM - http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320

SECUNIA - 33744


Last Updated: 27 May 2016 10:50:11