Vulnerability Details CVE-2009-0273
Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/33744
- http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320
- http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23
- http://www.securityfocus.com/archive/1/500572/100/0/threaded
- http://www.securityfocus.com/archive/1/500575/100/0/threaded
- http://www.securityfocus.com/bid/33537
- http://www.securityfocus.com/bid/33541
- http://secunia.com/advisories/33744
- http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320
- http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23
- http://www.securityfocus.com/archive/1/500572/100/0/threaded
- http://www.securityfocus.com/archive/1/500575/100/0/threaded
- http://www.securityfocus.com/bid/33537
- http://www.securityfocus.com/bid/33541
Products affected by CVE-2009-0273
-
cpe:2.3:a:novell:groupwise:6.5
-
cpe:2.3:a:novell:groupwise:7.0
-
cpe:2.3:a:novell:groupwise:7.01
-
cpe:2.3:a:novell:groupwise:7.02x
-
cpe:2.3:a:novell:groupwise:7.03
-
cpe:2.3:a:novell:groupwise:8.0