CVE-2013-1086

medium

Description

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.

References

https://bugzilla.novell.com/show_bug.cgi?id=802906

http://www.novell.com/support/kb/doc.php?id=7012064

http://secunia.com/advisories/53098

Details

Source: Mitre, NVD

Published: 2013-04-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N