Cross-Site Scripting in Novell GroupWise 6.5 WebAccess
CVE-2007-4557

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise Webaccess
Vendor: CVE Published:; 28 August 2007

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the webacc servlet of Novell GroupWise 6.5 WebAccess. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the User.Id parameter. An insufficient fix related to a previous vulnerability potentially exacerbates this issue, making applications utilizing this software susceptible to exploitation through crafted URLs. Organizations using this product should prioritize mitigation strategies to safeguard their web applications.

References

http://0x000000.com/index.php?i=409

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 28, 2007