XSS in Novell Groupwise

CVE-2013-1086

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (72.0th percentile) — read the EPSS interpretation.

Affected products

Novell Groupwise — versions 2012, 5.2, 5.5
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Issue Tracking)
53098 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)