Cross-Site Scripting Vulnerability in Novell GroupWise 8.0
CVE-2012-4912

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 28 September 2012

Summary

An XSS vulnerability exists in the WebAccess component of Novell GroupWise versions prior to Support Pack 3 for 8.0 and prior to Support Pack 1 for 2012. This flaw enables remote attackers to inject arbitrary web scripts or HTML into the application by sending malformed signatures within HTML email messages. Such exploitation can lead to unauthorized actions performed in the context of the user's browser, thereby increasing the risk of data theft, session hijacking, or spreading malware.

References

http://www.securitytracker.com/id?1027614

vdb-entryx_refsource_SECTRACK

http://www.novell.com/support/kb/doc.php?id=7010768

x_refsource_CONFIRM

http://www.securityfocus.com/bid/55814

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Sep 28, 2012
Vulnerability Reserved
Sep 14, 2012