Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4220Cross-site Scripting in Groupwise

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 30.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Groupwise
Timeline
PublishedDec 31
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDnovell/groupwise4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-4rfp-695c-r3m5: Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers2022-05-01
CVEList
CVE-2006-4220: Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers2008-02-05

💥Exploits & PoCs

1
Exploit-DB
Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities2008-01-31
CVE-2006-4220 — Cross-site Scripting in Groupwise | cvebase