CVE-2009-1762 — Cross-site Scripting in Groupwise

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Groupwise

Timeline

PublishedMay 22

Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7.x before 7.03 HP2 allow remote attackers to inject arbitrary web script or HTML via the (1) GWAP.version or (2) User.Theme (aka User.Theme.index) parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDnovell/groupwise7 versions+6

Patches

Patch: www.novell.com ↗Patch: www.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-hvf5-cqh3-f27x: Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7↗2022-05-02

▶

CVEList

CVE-2009-1762: Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page (aka gw/webacc) in Novell GroupWise 7↗2009-05-22

▶