Novell GroupWise WebAccess - Cross Site Scripting (XSS) Security Vulnerability via Unfiltered Style Expressions

  • 7003267
  • 14-May-2009
  • 27-Apr-2012


Novell GroupWise WebAccess
GroupWise 7.0 up to (and including) 7.03 HP2
GroupWise 8.0 up to (and including) 8.0.0 HP1


Novell GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit via unfiltered style expressions, which could potentially allow an attacker to send a message with an HTML file that contains malicious scripts, which could redirect a user and/or forward data & requests to a malicious site.

Credit: This vulnerability was discovered and reported by Jim LaValley - LaValley Consulting, LLC (
Novell bug 472987, CVE-2009-1635.


To resolve this issue:
For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 3 (HP3) or later
For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 2 (HP2) or later


Security Alert

Bug Number