Cross-Site Scripting Vulnerability in Novell GroupWise WebAccess
CVE-2006-3818

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise Webaccess
Vendor: CVE Published:; 11 August 2006

Summary

A Cross-site Scripting (XSS) vulnerability exists within the login page of Novell GroupWise WebAccess prior to specific versions, allowing remote attackers to inject arbitrary web scripts or HTML through the GWAP.version parameter. This vulnerability can potentially compromise the security of user sessions, facilitate phishing attacks, or enable unauthorized access to sensitive information within the application.

References

http://www.securityfocus.com/bid/19297

vdb-entryx_refsource_BID

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2...

x_refsource_CONFIRM

https://secure-support.novell.com/KanisaPlatform/Publishi...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 11, 2006
Vulnerability Reserved
Jul 24, 2006