Cross-Site Scripting Vulnerability in Novell Groupwise WebAccess 6.5
CVE-2005-2276

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise Webaccess
Vendor: CVE Published:; 26 July 2005

What is CVE-2005-2276?

A cross-site scripting vulnerability exists in Novell Groupwise WebAccess 6.5 that enables attackers to inject arbitrary web scripts or HTML into the application. This can be exploited through an email message that contains an encoded JavaScript URI, such as 'j&#X41vascript' within an IMG tag. When users interact with the manipulated message, their browsers may execute the injected code, posing risks to their data and overall security.

References

http://marc.info/?l=bugtraq&m=112181451014783&w=2

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/21421

vdb-entryx_refsource_XF

http://www.osvdb.org/18064

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2005
Vulnerability Reserved
Jul 15, 2005