Detections
Analytics

Novell GroupWise WebAccess Login Page User.lang Parameter XSS

medium Nessus Plugin ID 38927

Language:

Synopsis

The web application running on the remote host has a cross-site scripting vulnerability.

Description

The remote host is running Novell GroupWise WebAccess, which is vulnerable to a cross-site scripting issue in the 'User.lang' field of the login page.

There are other issues known to be associated with this version of GroupWise WebAccess that Nessus has not tested for. Refer to the Secunia advisory for details.

Solution

Upgrade to version 7.03 HP3 / 8.0 HP2 or later.

See Also

https://www.securityfocus.com/archive/1/503700/30/0/threaded

http://www.nessus.org/u?cc5f3ba8

Plugin Details

Severity: Medium

ID: 38927

File Name: groupwise_webaccess_userlang_xss.nasl

Version: 1.16

Type: remote

Published: 5/27/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:novell:groupwise_webaccess

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Reference Information

CVE: CVE-2009-1635

BID: 35061

CWE: 79

SECUNIA: 35177