CVE-2007-4557 Information

Description

Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter as demonstrated by a URL within a url field in a STYLE element possibly due to an incomplete fix for CVE-2004-2103.2.

Reference

http://0x000000.com/index.php?i=409 Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter as demonstrated by a URL within a url field in a STYLE element possibly due to an incomplete fix for CVE-2004-2103.2.