Lucene search

[email protected]CVE-2013-1086

HistoryApr 19, 2013 - 11:44 a.m.

CVE-2013-1086

2013-04-1911:44:23

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-1086

cross-site scripting

xss

novell groupwise

webaccess

html

onerror attribute

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.

Affected configurations

NVD

Node

novellgroupwiseMatch2012

novellgroupwiseMatch2012sp1

novellgroupwiseMatch2012sp1_hp1

Node

novellgroupwiseRange≤8.03hp2

novellgroupwiseMatch5.2

novellgroupwiseMatch5.5

novellgroupwiseMatch5.57e

novellgroupwiseMatch6.0

novellgroupwiseMatch6.0.1sp1

novellgroupwiseMatch6.5

novellgroupwiseMatch6.5sp1

novellgroupwiseMatch6.5sp2

novellgroupwiseMatch6.5sp3

novellgroupwiseMatch6.5sp4

novellgroupwiseMatch6.5sp5

novellgroupwiseMatch6.5sp6

novellgroupwiseMatch6.5.2

novellgroupwiseMatch6.5.3

novellgroupwiseMatch6.5.4

novellgroupwiseMatch6.5.6

novellgroupwiseMatch6.5.7

novellgroupwiseMatch7.0

novellgroupwiseMatch7.0.3hp4

novellgroupwiseMatch7.0.3hp5

novellgroupwiseMatch7.0.4

novellgroupwiseMatch7.0.4ftf

novellgroupwiseMatch7.01

novellgroupwiseMatch7.01ir1

novellgroupwiseMatch7.02

novellgroupwiseMatch7.02hp1

novellgroupwiseMatch7.02hp1a

novellgroupwiseMatch7.02hp2

novellgroupwiseMatch7.02hp2r1

novellgroupwiseMatch7.03

novellgroupwiseMatch7.03hp

novellgroupwiseMatch7.03hp2

novellgroupwiseMatch7.03hp3

novellgroupwiseMatch7.03hp3\+ftf

novellgroupwiseMatch8.0

novellgroupwiseMatch8.00hp1

novellgroupwiseMatch8.00hp2

novellgroupwiseMatch8.00hp3

novellgroupwiseMatch8.01

novellgroupwiseMatch8.01hp

novellgroupwiseMatch8.02

novellgroupwiseMatch8.02hp1

novellgroupwiseMatch8.02hp2

novellgroupwiseMatch8.02hp3

novellgroupwiseMatch8.03

novellgroupwiseMatch8.03hp1

CPENameOperatorVersion
novell:groupwisenovell groupwiseeq2012

CPE	Name	Operator	Version
novell:groupwise	novell groupwise	eq	2012

References

secunia.com/advisories/53098

www.novell.com/support/kb/doc.php?id=7012064

bugzilla.novell.com/show_bug.cgi?id=802906

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.8%

JSON

Related for CVE-2013-1086

cvelist1 nvd1 prion1