CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9169
https://notcve.org/view.php?id=CVE-2016-9169
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. Existe una vulnerabilidad de XSS reflejada en la consola web de Document Viewer Agent en Novell GroupWise en versiones anteriores a 2014 R2 Support Pack 1 Hot Patch 2 puede permitir a un atacante remoto ejecutar JavaScript en el contexto de una sesión de explorador de un usuario válido haciendo que haga clic en un enlace manipulado. Esto podría provocar el comprometimiento de sesión u otros ataques basados en navegador. • http://www.securityfocus.com/bid/97318 https://www.novell.com/support/kb/doc.php?id=7018371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 5EXPL: 0CVE-2016-5760 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5760
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. Múltiples vulnerabilidades XSS en la consola de administrador en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) parámetro de token a gwadmin-console/install/login.jsp o (2) PATH_INFO a gwadmin-console/index.jsp. Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities. • http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html http://seclists.org/fulldisclosure/2016/Aug/123 http://www.securityfocus.com/archive/1/539296/100/0/threaded http://www.securityfocus.com/bid/92646 https://www.novell.com/support/kb/doc.php?id=7017973 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-5761 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5761
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. Vulnerabilidad XSS en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a través de un email manipulado. Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities. • http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html http://seclists.org/fulldisclosure/2016/Aug/123 http://www.securityfocus.com/archive/1/539296/100/0/threaded http://www.securityfocus.com/bid/92645 https://www.novell.com/support/kb/doc.php?id=7017974 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 35%CPEs: 5EXPL: 0CVE-2016-5762 – Micro Focus GroupWise Cross Site Scripting / Overflows
https://notcve.org/view.php?id=CVE-2016-5762
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función Post Office Agent en Novell GroupWise en versiones anteriores a 2014 R2 Service Pack 1 Hot Patch 1 podría permitir a atacantes remotos ejecutar código arbitrario a través de (1) un nombre de usuario largo o (2) una contraseña larga, lo que desencadena un desbordamiento de bufer basado en memoria dinámica Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities. • http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html http://seclists.org/fulldisclosure/2016/Aug/123 http://www.securityfocus.com/archive/1/539296/100/0/threaded http://www.securityfocus.com/bid/92642 https://www.novell.com/support/kb/doc.php?id=7017975 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 4%CPEs: 2EXPL: 0CVE-2014-0611
https://notcve.org/view.php?id=CVE-2014-0611
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en WebAccess en Novell GroupWise 2012 anterior a Support Pack 4 y anterior a Support Pack 2 de 2014. Permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.novell.com/support/kb/doc.php?id=7016653 http://www.securitytracker.com/id/1032978 https://bugzilla.novell.com/show_bug.cgi?id=909584 https://bugzilla.novell.com/show_bug.cgi?id=909586 https://bugzilla.novell.com/show_bug.cgi?id=909587 https://bugzilla.novell.com/show_bug.cgi? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •