Description
Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
http://0x000000.com/index.php?i=409
Scores
EPSS
0.0012
EPSS Percentile
30.8%
Details
CWE
CWE-79
Status
published
Products (1)
novell/groupwise_webaccess
6.5
Published
Aug 28, 2007
Tracked Since
Feb 18, 2026