Novell NetWare Welcome Web-App Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	21678
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 20 2006 12:00AM
Updated:	Dec 20 2006 09:18PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Novell Netware 6.5 SP6 Novell Netware 6.5 SP5 Novell Apache 2.0.48
Not Vulnerable:

Novell NetWare Welcome Web-App Unspecified Cross-Site Scripting Vulnerability

Novell NetWare Welcome Web-App is prone to an unspecified cross-site scripting vulnerability.

An attacker can exploit this issue to execute arbitrary HTML and script code in a userâ??s browser session in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The vulnerability is reported in NetWare 6.5 SP5 and SP6.

Novell NetWare Welcome Web-App Unspecified Cross-Site Scripting Vulnerability

An attacker can exploit this vulnerability via a web client.

Novell NetWare Welcome Web-App Unspecified Cross-Site Scripting Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you fell we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Novell NetWare Welcome Web-App Unspecified Cross-Site Scripting Vulnerability

References:

• Novell Homepage (Novell)
  
• TID3319127 - Novell Welcome Web-App Potential XSS security vulnerability in Welc (Novell)