Description
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
Affected products
- Novell / groupwise5.57e – 5.57e
- Novell / groupwise6.5.7 – 6.5.7
- Novell / groupwise7.0 – 7.0
- Novell / groupwise7.0.0 – 7.0.0
- Novell / groupwise7.0.0 – 7.0.0
- Novell / groupwise_webaccess
References
- MISChttp://www.securityfocus.com/bid/27582
- MISChttp://www.securitytracker.com/id?1019302
- MISChttp://www.osvdb.org/27531
- VENDOR_ADVISORYhttp://secunia.com/advisories/28778
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/0395
- MISChttp://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z