Upstream information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4.3 |
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
SUSE Security Advisories:
- TID7003267, published Sun May 20 15:50:22 CEST 2018
- TID7003268, published Sun May 20 15:50:24 CEST 2018
- TID7003271, published Sun May 20 15:50:26 CEST 2018
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 16:33:08 2013CVE page last modified: Wed Apr 9 11:13:56 2025