Cross-Site Scripting Vulnerability in Novell GroupWise Product
CVE-2013-1086

Currently unrated

Key Information:

Vendor
Novell
Status
Groupwise
Vendor
CVE Published:
19 April 2013

Summary

A cross-site scripting (XSS) vulnerability exists in the WebAccess component of Novell GroupWise, prior to version 8.0.3 HP3 and 2012 before SP2. This vulnerability permits remote attackers to inject arbitrary web scripts or HTML code by exploiting certain vectors that involve the onError attribute. By leveraging this flaw, attackers can potentially manipulate user sessions or carry out phishing attacks, posing significant security risks to affected users. It is crucial for organizations using Novell GroupWise to implement appropriate patches and security measures to mitigate the impact of this vulnerability.

References

http://www.novell.com/support/kb/doc.php?id=7012064
x_refsource_CONFIRM
https://bugzilla.novell.com/show_bug.cgi?id=802906
x_refsource_CONFIRM
http://secunia.com/advisories/53098
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2013-1086 : Cross-Site Scripting Vulnerability in Novell GroupWise Product | SecurityVulnerability.io