CVE-2009-0273

Novell GroupWise WebAccess <8.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.

References (9)

Core 9

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33744

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33541

Various Sources x_refsource_misc

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33537

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/500575/100/0/threaded

Various Sources x_refsource_misc

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/500572/100/0/threaded

Scores

EPSS 0.0100

EPSS Percentile 77.2%

Details

CWE

CWE-79

Status published

Products (6)

novell/groupwise 6.5

novell/groupwise 7.0

novell/groupwise 7.01

novell/groupwise 7.02x

novell/groupwise 7.03 (2 CPE variants)

novell/groupwise 8.0

Published Feb 02, 2009

Tracked Since Feb 18, 2026