CVE-2013-1086

Novell GroupWise <8.0.3 HP3, 2012 <SP2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.

References (3)

[Permissions Required] http://secunia.com/advisories/53098

[Third Party Advisory, Vendor Advisory] http://www.novell.com/support/kb/doc.php?id=7012064

[Issue Tracking] https://bugzilla.novell.com/show_bug.cgi?id=802906

Scores

EPSS 0.0068

EPSS Percentile 71.3%

Details

CWE

CWE-79

Status published

Products (50)

novell/groupwise

novell/groupwise < 8.03

novell/groupwise

... and 40 more

Published Apr 19, 2013

Tracked Since Feb 18, 2026