Page 7 of 33 results (0.033 seconds)

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WebAccess de GroupWise de Novell v6.5x, v7.0, v7.01, v7.02x, v7.03, v7.03HP1a y v8.0. Permite a atacantes remotos inyectar web script o HTML de su elección a través de los parámetros "User.id" y "Library.queryText" de gw/webacc y a través de otros vectores de ataque relacionados con el e-mail HTML y adjuntos HTML. • http://secunia.com/advisories/33744 http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320 http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23 http://www.securityfocus.com/archive/1/500572/100/0/threaded http://www.securityfocus.com/archive/1/500575/100/0/threaded http://www.securityfocus.com/bid/33537 http:&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors. Una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Novell GroupWise WebAccess 6.5X, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, y 8.0 permite a atacantes remotos insertar reglas de correo y modificar otros ajustes de configuración de usuarios aleatorios a través de vectores desconocidos. • http://secunia.com/advisories/33744 http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21 http://www.securityfocus.com/archive/1/500569/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la interfaz simple WebAccess de Novell Groupwise 7.0.x permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/30839 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028303.html http://www.securityfocus.com/bid/29922 http://www.securitytracker.com/id?1020359 http://www.vupen.com/english/advisories/2008/1929/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •