This script is Copyright (C) 2012 Tenable Network Security, Inc.
The application hosted on the remote web server has a cross-site
The version of Novell GroupWise WebAccess hosted on the remote web
server has a cross-site scripting vulnerability. This
vulnerability is present when files are retrieved by passing a
directory traversal string to the User.interface parameter. An
attacker could exploit this by tricking a user into making a
maliciously crafted request, resulting in the execution of arbitrary
See also :
Upgrade to GroupWise 8.0 Support Pack 3 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true