CVE-2009-0273

Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
novellgroupwise
6.5
novellgroupwise
7.0
novellgroupwise
7.01
novellgroupwise
7.02x:x
novellgroupwise
7.03
novellgroupwise
7.03:hp1a
novellgroupwise
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/33744
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23
http://www.securityfocus.com/archive/1/500572/100/0/threaded
http://www.securityfocus.com/archive/1/500575/100/0/threaded
http://www.securityfocus.com/bid/33537
http://www.securityfocus.com/bid/33541
http://secunia.com/advisories/33744
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23
http://www.securityfocus.com/archive/1/500572/100/0/threaded
http://www.securityfocus.com/archive/1/500575/100/0/threaded
http://www.securityfocus.com/bid/33537
http://www.securityfocus.com/bid/33541