Description
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.
References (3)
Core 3
Core References
Third Party Advisory, Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7012064
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=802906
Permissions Required third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53098
Scores
EPSS
0.0068
EPSS Percentile
71.8%
Details
CWE
CWE-79
Status
published
Products (24)
novell/groupwise
2012 (3 CPE variants)
novell/groupwise
5.2
novell/groupwise
5.5
novell/groupwise
5.57e
novell/groupwise
6.0
novell/groupwise
6.0.1 sp1
novell/groupwise
6.5 (7 CPE variants)
novell/groupwise
6.5.2
novell/groupwise
6.5.3
novell/groupwise
6.5.4
... and 14 more
Published
Apr 19, 2013
Tracked Since
Feb 18, 2026