Cross-Site Scripting Vulnerabilities in Novell GroupWise WebAccess
CVE-2006-4220

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise; Groupwise Webaccess
Vendor: CVE Published:; 31 December 2006

Summary

Novell GroupWise WebAccess prior to the 7 Support Pack 3 Public Beta is vulnerable to multiple cross-site scripting (XSS) issues. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through parameters such as User.html, Error, User.Theme.index, and User.lang. Successful exploitation can lead to the execution of malicious scripts in the context of the affected user's session, potentially compromising sensitive information and unauthorized access to user accounts.

References

http://www.securityfocus.com/bid/27582

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1019302

vdb-entryx_refsource_SECTRACK

http://www.osvdb.org/27531

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Dec 31, 2006
Vulnerability Reserved
Aug 18, 2006