CVE-2011-2661
Novell GroupWise 8.0 - Cross-Site Scripting via Directory.Item.name or Directory.Item.displayName Parameter
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
References (2)
Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=702786
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/viewContent.do?externalId=7009214
Scores
EPSS
0.0025
EPSS Percentile
48.2%
Details
CWE
CWE-79
Status
published
Products (1)
novell/groupwise
8.0 (3 CPE variants)
Published
Oct 08, 2011
Tracked Since
Feb 18, 2026