Novell Groupwise Webaccess Cross Site Scripting Vulnerability
BID:9508
Info
Novell Groupwise Webaccess Cross Site Scripting Vulnerability
| Bugtraq ID: | 9508 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2004 12:00AM |
| Updated: | Jan 27 2004 12:00AM |
| Credit: | Unknown. |
| Vulnerable: |
Novell Groupwise 6.5 SP2 Novell Groupwise 6.5 SP1 Novell Groupwise 6.5 |
| Not Vulnerable: | |
Discussion
Novell Groupwise Webaccess Cross Site Scripting Vulnerability
It has been reported that Novell Groupwise may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue reportedly exists in the 'servlet/webacc' module. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
Novell Groupwise version 6.5 has been reported to be prone to this issue, however, other versions may be affected as well.
It has been reported that Novell Groupwise may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue reportedly exists in the 'servlet/webacc' module. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
Novell Groupwise version 6.5 has been reported to be prone to this issue, however, other versions may be affected as well.
Exploit / POC
Novell Groupwise Webaccess Cross Site Scripting Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Novell Groupwise Webaccess Cross Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Novell Groupwise Webaccess Cross Site Scripting Vulnerability
References:
References: