GroupWise WebAccess Cross-Site Scripting (XSS) Security Vulnerability on Replies

  • 7006376
  • 30-Jun-2010
  • 27-Apr-2012

Environment

Novell GroupWise 8
Novell GroupWise WebAccess

Situation

Novell GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit in which replying to a specially formatted message could cause users to be redirected to a malicious website.

Affected versions: GroupWise 8.0, 8.01x

This vulnerability was discovered and reported by scriptjunkie scriptjunkie1 {nospam} googlemail {nospam} com  working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com)

Novell bug 599867, ZDI-CAN-710, CVE-2010-2779

Resolution

For GroupWise 8, update to Support Pack 2 (SP2) or later.

Status

Security Alert