CVE-2009-0273 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x 7.0 7.01 7.02x 7.03 7.03HP1a and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc and other vectors involving (3) HTML e-mail and (4) HTML attachments.
Reference
http://secunia.com/advisories/33744 http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320 http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23 http://www.securityfocus.com/archive/1/500572/100/0/threaded http://www.securityfocus.com/archive/1/500575/100/0/threaded http://www.securityfocus.com/bid/33537 http://www.securityfocus.com/bid/33541
Share on: