TUCoPS :: Networks :: va3563.htm

TUCoPS :: Networks :: va3563.htm
Novell GroupWise Web Access Multiple XSS

Novell GroupWise Web Access Multiple XSS Novell GroupWise Web Access Multiple XSS


     Novell GroupWise Web Access Multiple XSS
  /============================================\
 /~ SecureState R&D Team - leroy and sasquatch ~\
/~  Discovered: 11-24-08, 03-05-09              ~\
\~  Vendor Notified:  01-06-09, 03-05-09        ~/
 \~ Vendor Publication:  05-21-09              ~/
  \============================================/


   /------------------------------------------------------------------------------------------------\
  /~ Novell's Groupwise WebAccess login page is vulnerable to several cross-site scripting attacks. ~\
 /~                                                                                                  ~\
< Example URL: https://www.website.com/gw/webacc > 
 \~                                                                                                  ~/
  \~ An attempt to deter the attack is made in that