Vulnerability Name: | CVE-2005-2276 (CCN-21421) | ||||||||
Assigned: | 2005-07-19 | ||||||||
Published: | 2005-07-19 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "jAvascript" in an IMG tag. | ||||||||
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Tue Jul 19 2005 - 07:46:55 CDT [ISR] - Novell Groupwise WebAccess Cross-Site Scripting Source: MITRE Type: CNA CVE-2005-2276 Source: CCN Type: Novell Downloads Web site Novell Downloads Source: BUGTRAQ Type: UNKNOWN 20050719 [ISR] - Novell Groupwise WebAccess Cross-Site Scripting Source: CCN Type: SA16098 Novell GroupWise WebAccess Script Insertion Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 16098 Source: CCN Type: SECTRACK ID: 1014515 Novell GroupWise Webaccess Lets Remote Users Conduct Cross-Site Scripting Attacks Source: SECTRACK Type: UNKNOWN 1014515 Source: CCN Type: Novell Security Advisory TID10098301 Cross-site scripting vulnerability in Webaccess Source: CONFIRM Type: Patch http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm Source: CCN Type: Novell Security Advisory TID2971890 FTF: GroupWise 6.5.5 WebAccess Rev D (NW/Win) Source: MISC Type: UNKNOWN http://www.infobyte.com.ar/adv/ISR-11.html Source: CCN Type: Novell GroupWise Web page Groupwise Source: OSVDB Type: UNKNOWN 18064 Source: CCN Type: OSVDB ID: 18064 Novell GroupWise WebAccess E-Mail IMG SRC XSS Source: BID Type: Exploit 14310 Source: CCN Type: BID-14310 Novell GroupWise WebAccess HTML Injection Vulnerability Source: CCN Type: BID-25126 Novell GroupWise WebAccess User.Id Parameter Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN novell-groupwise-webaccess-xss(21421) Source: XF Type: UNKNOWN novell-groupwise-webaccess-xss(21421) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |