vendor:
GroupWise WebAccess
by:
Unknown
5.5
CVSS
MEDIUM
Security Restrictions Bypass, Cross-Site Scripting
CWE
Product Name: GroupWise WebAccess
Affected Version From: Prior to WebAccess 7.03 HP3 and 8.0.0 HP2
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2009
Novell GroupWise WebAccess Multiple Security Vulnerabilities
An attacker may leverage these issues to bypass certain security restrictions or conduct cross-site scripting attacks. The exploit code extracts the session token from the current document's URI and uses it to inject an iframe that changes the user's signature on the fly.
Mitigation:
Upgrade to WebAccess 7.03 HP3 or 8.0.0 HP2.