CVE-2009-1635
Novell GroupWise WebAccess < 7.03 HP3 and < 8.0 HP2 - Cross-Site Scripting via User.lang Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.
References (17)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/50689
Vendor Advisory (x_refsource_confirm): http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2009/1393
Issue Tracking (x_refsource_misc): https://bugzilla.novell.com/show_bug.cgi?id=484942
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/503885/100/0/threaded
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/35177
Issue Tracking (x_refsource_misc): https://bugzilla.novell.com/show_bug.cgi?id=472987
Various Sources (x_refsource_misc): http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt
Patch, Vendor Advisory (x_refsource_confirm): http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/35061
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://securitytracker.com/id?1022267
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/503700/100/0/threaded
Issue Tracking (x_refsource_misc): https://bugzilla.novell.com/show_bug.cgi?id=474500
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/35066
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/50672
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/50691
Vendor Advisory (x_refsource_confirm): http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1
Scores
EPSS: 0.0076
EPSS Percentile: 73.5%
Details
CWE: CWE-79
Status: published
Products (8)
novell/groupwise 7.0 (4 CPE variants)
novell/groupwise 7.0.0 sp1 (2 CPE variants)
novell/groupwise 7.0.2
novell/groupwise 7.0.3
novell/groupwise 7.01
novell/groupwise 7.02x
novell/groupwise 7.03 (3 CPE variants)
novell/groupwise 8.0 (2 CPE variants)
Published: May 22, 2009
Tracked Since: Feb 18, 2026