CVE-2009-0273

Novell GroupWise WebAccess <8.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.

References (9)

[Third Party Advisory] http://secunia.com/advisories/33744

[Vendor Advisory] http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320

[Vendor Advisory] http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321

[Various Sources] http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22

[Various Sources] http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500572/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500575/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33537

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33541

Scores

EPSS 0.0100

EPSS Percentile 76.8%

Classification

CWE

CWE-79

Status published

Affected Products (8)

novell/groupwise

novell/groupwise

novell/groupwise

novell/groupwise

novell/groupwise

novell/groupwise

novell/groupwise

n/a/n/a

Timeline

Published Feb 02, 2009

Tracked Since Feb 18, 2026