CVE-2009-1762

EUVD-2009-1757
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
novellgroupwise
7.0
novellgroupwise
7.0:sp1
novellgroupwise
7.0:sp2
novellgroupwise
7.0:sp3
novellgroupwise
7.0.0:sp1
novellgroupwise
7.0.0:sp2
novellgroupwise
7.0.2
novellgroupwise
7.0.3
novellgroupwise
7.01
novellgroupwise
7.02x:x
novellgroupwise
7.03
novellgroupwise
7.03:hp1a
novellgroupwise
7.03:hp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt
http://secunia.com/advisories/35177
http://securitytracker.com/id?1022267
http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271
http://www.securityfocus.com/archive/1/503700/100/0/threaded
http://www.securityfocus.com/bid/35061
http://www.vupen.com/english/advisories/2009/1393
https://bugzilla.novell.com/show_bug.cgi?id=484942
http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt
http://secunia.com/advisories/35177
http://securitytracker.com/id?1022267
http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271
http://www.securityfocus.com/archive/1/503700/100/0/threaded
http://www.securityfocus.com/bid/35061
http://www.vupen.com/english/advisories/2009/1393
https://bugzilla.novell.com/show_bug.cgi?id=484942