CVE-2012-0272
Novell GroupWise 8.0 - Cross-Site Scripting via WebAccess Merge Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=702785
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027615
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7010368
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=740563
Scores
EPSS
0.0067
EPSS Percentile
71.6%
Details
CWE
CWE-79
Status
published
Products (2)
novell/groupwise
8.0
novell/groupwise
8.00 hp1 (3 CPE variants)
Published
Sep 19, 2012
Tracked Since
Feb 18, 2026