Novell GroupWise WebAccess 12.0.x < 12.0.4 / 14.0.x < 14.0.2 Multiple XSS Vulnerabilities

Medium Nessus Plugin ID 85182


The application installed on the remote host is affected by multiple cross-site scripting vulnerabilities.


The version of Novell GroupWise WebAccess installed on the remote host is affected by multiple unspecified cross-site scripting (XSS) vulnerabilities that can allow a remote attacker to trick authenticated users into executing arbitrary JavaScript code in the context of the WebAccess session.


Upgrade to Novell WebAccess 2014 SP2 or WebAccess 2012 SP4.

See Also

Plugin Details

Severity: Medium

ID: 85182

File Name: groupwise_webaccess_14_0_2.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2015/08/03

Modified: 2015/08/04

Dependencies: 62415

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:novell:groupwise_webaccess

Required KB Items: SMB/GroupWise WebAccess/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/07/06

Vulnerability Publication Date: 2015/07/06

Reference Information

CVE: CVE-2014-0611

BID: 76008

OSVDB: 124990