CVE-2009-1762

Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.

Published: May 22, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1762
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
novell / groupwise	7.0	7.0.x
novell / groupwise	7.03-hp2	7.03-hp2.x
novell / groupwise	7.0.2	7.0.2.x
novell / groupwise	7.02x	7.02x.x
novell / groupwise	7.0-sp1	7.0-sp1.x
novell / groupwise	7.0-sp3	7.0-sp3.x
novell / groupwise	7.01	7.01.x
novell / groupwise	7.0.0-sp1	7.0.0-sp1.x
novell / groupwise	7.0.3	7.0.3.x
novell / groupwise	7.03-hp1a	7.03-hp1a.x
novell / groupwise	7.03	7.03.x
novell / groupwise	7.0-sp2	7.0-sp2.x
novell / groupwise	7.0.0-sp2	7.0.0-sp2.x

http://packetstorm.linuxsecurity.com/0905-exploits/groupwise-xss.txt
http://secunia.com/advisories/35177
http://securitytracker.com/id?1022267
http://www.novell.com/support/search.do?cmd=displayKC&externalId=7003271
http://www.securityfocus.com/archive/1/503700/100/0/threaded
http://www.securityfocus.com/bid/35061
http://www.vupen.com/english/advisories/2009/1393
https://bugzilla.novell.com/show_bug.cgi?id=484942

Vulnerability Database

289,697

CVE-2009-1762