Cross-Site Scripting Vulnerability in Novell GroupWise WebAccess
CVE-2006-3817

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise Webaccess
Vendor: CVE Published:; 11 August 2006

What is CVE-2006-3817?

A cross-site scripting vulnerability exists in Novell GroupWise WebAccess versions 6.5 and 7 prior to July 27, 2006. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML code via an encoded SCRIPT element contained in an email message utilizing the UTF-7 character set. Exploiting this flaw could enable attackers to potentially execute malicious scripts in the context of the affected user's session, leading to unauthorized actions or data exposure.

References

http://www.securityfocus.com/archive/1/442719/100/100/thr...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/19297

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/28211

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2006
Vulnerability Reserved
Jul 24, 2006