Novell GroupWise < 7.03HP2 / 8.0HP1 WebAccess Multiple XSS

medium Nessus Plugin ID 35726

Synopsis

The remote web server contains a script that is prone to a cross-site scripting attack.

Description

The version of Novell GroupWise WebAccess installed on the remote host fails to sanitize user-supplied input to the 'User.id' parameter, sent in a POST request to the '/gw/webacc' script, before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's browser, where it executes within the security context of the affected site.

Note that this install is also likely affected by other cross-site scripting and cross-site request forgery issues in its WebAccess component as well as a buffer overflow in its GWIA component, although Nessus has not checked for them.

Solution

Apply GroupWise 7.03 Hot Patch 2 (HP2) or GroupWise 8.0 Hot Patch 1 (HP1) or later.

See Also

https://www.procheckup.com/procheckup-labs/pr08-23/

https://www.securityfocus.com/archive/1/500575/30/0/threaded

https://support.microfocus.com/kb/doc.php?id=7002321

Plugin Details

Severity: Medium

ID: 35726

File Name: groupwise_webaccess_userid_xss.nasl

Version: 1.18

Type: remote

Published: 2/21/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:novell:groupwise_webaccess

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Reference Information

CVE: CVE-2009-0273

BID: 33541

CWE: 79