Cross site scripting

2017-04-2017:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.

CPENameOperatorVersion
groupwisele2012
groupwiseeq2014 sp1
groupwiseeq2014 sp2
groupwiseeq2014 r2
groupwiseeq2014

Name	Operator	Version
groupwise	le	2012
groupwise	eq	2014 sp1
groupwise	eq	2014 sp2
groupwise	eq	2014 r2
groupwise	eq	2014

References

packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html

seclists.org/fulldisclosure/2016/Aug/123

www.securityfocus.com/archive/1/539296/100/0/threaded

www.securityfocus.com/bid/92645

www.novell.com/support/kb/doc.php?id=7017974

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt