CVE-2013-1087 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
novell	groupwise	𝑥 ≤ 8.03
novell	groupwise	6.5
novell	groupwise	6.5:sp1
novell	groupwise	6.5:sp2
novell	groupwise	6.5:sp3
novell	groupwise	6.5:sp4
novell	groupwise	6.5:sp5
novell	groupwise	6.5:sp6
novell	groupwise	6.5.2
novell	groupwise	6.5.3
novell	groupwise	6.5.4
novell	groupwise	6.5.6
novell	groupwise	6.5.7
novell	groupwise	7.0
novell	groupwise	7.0.3:hp4
novell	groupwise	7.0.3:hp5
novell	groupwise	7.0.4
novell	groupwise	7.0.4:ftf
novell	groupwise	7.01
novell	groupwise	7.01:ir1
novell	groupwise	7.02
novell	groupwise	7.02:hp1
novell	groupwise	7.02:hp1a
novell	groupwise	7.02:hp2
novell	groupwise	7.02:hp2r1
novell	groupwise	7.03
novell	groupwise	7.03:hp
novell	groupwise	7.03:hp2
novell	groupwise	7.03:hp3
novell	groupwise	7.03:hp3\+ftf
novell	groupwise	8.0
novell	groupwise	8.00:hp1
novell	groupwise	8.00:hp2
novell	groupwise	8.00:hp3
novell	groupwise	8.01
novell	groupwise	8.01:hp
novell	groupwise	8.02
novell	groupwise	8.02:hp1
novell	groupwise	8.02:hp2
novell	groupwise	8.02:hp3
novell	groupwise	8.03
novell	groupwise	8.03:hp1
novell	groupwise	8.03:hp2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://www.novell.com/support/kb/doc.php?id=7012063

https://bugzilla.novell.com/show_bug.cgi?id=799673

http://www.novell.com/support/kb/doc.php?id=7012063

https://bugzilla.novell.com/show_bug.cgi?id=799673