This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The application hosted on the remote web server has a cross-site
The version of Novell GroupWise WebAccess hosted on the remote web
server has a cross-site scripting vulnerability. This
vulnerability is present when files are retrieved by passing a
directory traversal string to the User.interface parameter. An
attacker could exploit this by tricking a user into making a
maliciously crafted request, resulting in the execution of arbitrary
See also :
Upgrade to GroupWise 8.0 Support Pack 3 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 60047 ()
Bugtraq ID: 54253
CVE ID: CVE-2012-0410
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.