XSS in Novell Groupwise
CVE-2016-9169
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's bro…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (63.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Novell Groupwise — versions 2014
- N/a Novell Groupwise — versions Novell GroupWise
Weakness classification (CWE)
References
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2016-9169?
- CVE-2016-9169 is a medium-severity vulnerability in Novell Groupwise, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2017-03-23.
- How severe is CVE-2016-9169?
- Medium severity. CVSS v3 base score is 6.1 out of 10.