Groupwise Webaccess Security Vulnerabilities and Issues — Groupwise Webaccess CVE List

Lucene search

NovellGroupwise Webaccess

5 matches found

CVE•added 2005/07/26 4:0 a.m.•52 views

CVE-2005-2276

Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "j&#X41vascript" in an IMG tag.

4.3CVSS5.8AI score0.01463EPSS

CVE•added 2008/02/05 11:0 a.m.•46 views

CVE-2006-4220

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.

4.3CVSS6AI score0.00616EPSS

CVE•added 2006/08/11 10:4 a.m.•42 views

CVE-2006-3817

Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.

4.3CVSS5.8AI score0.00427EPSS

CVE•added 2007/08/28 1:17 a.m.•42 views

CVE-2007-4557

Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2...

4.3CVSS6AI score0.00179EPSS

CVE•added 2006/08/11 10:4 a.m.•38 views

CVE-2006-3818

Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.

4.3CVSS6AI score0.01937EPSS