Cross-Site Scripting Vulnerabilities in Novell GroupWise Administrator Console
CVE-2016-5760

6.1MEDIUM

Key Information:

Vendor
Novell
Status
Groupwise
Vendor
CVE Published:
20 April 2017

Summary

The Novell GroupWise administrator console is susceptible to multiple cross-site scripting (XSS) vulnerabilities that enable remote attackers to execute arbitrary web scripts or HTML. Specifically, these vulnerabilities exist in the login process, where improper validation of user inputs allows malicious tokens or paths to be injected via 'gwadmin-console/install/login.jsp' and 'gwadmin-console/index.jsp'. This exposure can compromise the integrity of administrative sessions, potentially allowing unauthorized access to sensitive functionalities.

References

http://packetstormsecurity.com/files/138503/Micro-Focus-G...
x_refsource_MISC
http://www.securityfocus.com/archive/1/539296/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/92646
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.