Security Vulnerability - GroupWise 8 WebPublisher Cross-Site Scripting (XSS)

  • 7007158
  • 04-Nov-2010
  • 26-Apr-2012


Novell GroupWise 8
Novell GroupWise 8 WebPublisher
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP in order to secure their system.


The WebPublisher component of GroupWise WebAccess is vulnerable to a potential Cross-Site Scripting (XSS) exploit that could potentially be used to redirect users to a malicious website.

This vulnerability was discovered and reported by Pat Bergoch at Amerimark (

Novell bug 651159, CVE number pending


To resolve this security issue, update GroupWise WebPublisher to version 8.02 Hot Patch (or later).


Security Alert

Bug Number