Novell GroupWise WebAccess User.Id Parameter Cross Site Scripting Vulnerability
BID:25126
Info
| Bugtraq ID: | 25126 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 30 2007 12:00AM |
| Updated: | Jul 31 2007 07:45PM |
| Credit: | 0x000000 is credited with the discovery of this vulnerability. |
| Vulnerable: | Novell GroupWise 6.5 |
| Not Vulnerable: | |
Discussion
Novell GroupWise WebAccess is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
Novell GroupWise WebAccess 6.5 is vulnerable; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
An example URI has been provided:
Solution / Fix
Solution:
Currently we are not aware of any vendor fixes for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Novell GroupWise Homepage (Novell)