Novell GroupWise WebAccess Login Page User.lang Parameter XSS

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.

Synopsis :

The web application running on the remote host has a
cross-site scripting vulnerability.

Description :

The remote host is running Novell GroupWise WebAccess, which is
vulnerable to a cross-site scripting issue in the 'User.lang' field
of the login page.

There are other issues known to be associated with this version of
GroupWise WebAccess that Nessus has not tested for. Refer to the
Secunia advisory for details.

See also :

Solution :

Upgrade to version 7.03 HP3 / 8.0 HP2 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 38927 (groupwise_webaccess_userlang_xss.nasl)

Bugtraq ID: 35061

CVE ID: CVE-2009-1635

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now