Novell GroupWise WebAccess User.interface XSS

Medium - Nessus Plugin ID 60047

Synopsis

The application hosted on the remote web server has a cross-site scripting vulnerability.

Description

The version of Novell GroupWise WebAccess hosted on the remote web server has a cross-site scripting vulnerability. This vulnerability is present when files are retrieved by passing a directory traversal string to the User.interface parameter. An attacker could exploit this by tricking a user into making a maliciously crafted request, resulting in the execution of arbitrary script code.

Solution

Upgrade to GroupWise 8.0 Support Pack 3 or later.

See Also

https://support.microfocus.com/kb/doc.php?id=7000708

Plugin Details

Severity: Medium

ID: 60047

File Name: groupwise_webaccess_userinterface_xss.nasl

Version: 1.7

Type: remote

Published: 7/19/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-0410

Vulnerability Information

CPE: cpe:/a:novell:groupwise_webaccess

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 6/28/2012

Vulnerability Publication Date: 6/28/2012

Reference Information

CVE: CVE-2012-0410

BID: 54253

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990