Novell: >> Groupwise Webaccess >> 5.5 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
CVSS Score
4.3
EPSS Score
0.006
Published
2006-12-31
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-08-14