icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

GroupWise WebAccess < 6.5 SP5 EMail IMG SRC XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running a version of GroupWise WebAccess from Novell that fails to sanitize email messages of HTML and script code embedded in IMG tags. An attacker can exploit this flaw to launch cross-site scripting attacks against users of WebAccess by sending them specially crafted email messages.

Solution

Upgrade to version 6.5 SP5 or higher.