CVE-2016-9169

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 36.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Groupwise

Timeline

PublishedMar 23

Latest updateMay 17

Description

A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5novell_groupwiseNovell GroupWise

▶NVDnovell/groupwise2014

🔴Vulnerability Details

GHSA

GHSA-vqmm-xqfj-v7hr: A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 tha↗2022-05-17

▶

CVEList

CVE-2016-9169: A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 tha↗2017-03-23

▶