| Vulnerability Name: | CVE-2009-0273 (CCN-48389) | ||||||||
| Assigned: | 2009-01-30 | ||||||||
| Published: | 2009-01-30 | ||||||||
| Updated: | 2018-10-11 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-0273 Source: CCN Type: SA33744 Novell GroupWise Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 33744 Source: CONFIRM Type: Vendor Advisory http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320 Source: CONFIRM Type: Vendor Advisory http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321 Source: CCN Type: Novell Document ID: 7002321 Cross-site Scripting Security Vulnerability with GroupWise WebAccess Source: MISC Type: UNKNOWN http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22 Source: CCN Type: ProCheckUp: PR08-23 XSS on Novell GroupWise WebAccess Source: MISC Type: UNKNOWN http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23 Source: BUGTRAQ Type: UNKNOWN 20090130 PR08-22: Persistent XSS on Novell GroupWise WebAccess Source: BUGTRAQ Type: UNKNOWN 20090130 PR08-23: XSS on Novell GroupWise WebAccess Source: BID Type: UNKNOWN 33537 Source: CCN Type: BID-33537 Novell GroupWise WebAccess Unspecified HTML Injection Vulnerability Source: BID Type: UNKNOWN 33541 Source: CCN Type: BID-33541 Novell GroupWise WebAccess 'gw/webacc' Multiple Cross-Site Scripting Vulnerabilities Source: XF Type: UNKNOWN groupwise-webaccess-servlet-xss(48389) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2009-0273 (CCN-48390) | ||||||||
| Assigned: | 2009-01-30 | ||||||||
| Published: | 2009-01-30 | ||||||||
| Updated: | 2018-10-11 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-0273 Source: CCN Type: SA33744 Novell GroupWise Multiple Vulnerabilities Source: CCN Type: Novell Document ID: 7002320 Persistent Cross-site Scripting (XSS) Security Vulnerability with GroupWise WebAccess Source: CCN Type: ProCheckUp: PR08-22 Persistent XSS on Novell GroupWise WebAccess Source: CCN Type: BID-33537 Novell GroupWise WebAccess Unspecified HTML Injection Vulnerability Source: CCN Type: BID-33541 Novell GroupWise WebAccess 'gw/webacc' Multiple Cross-Site Scripting Vulnerabilities Source: XF Type: UNKNOWN groupwise-webaccess-email-xss(48390) | ||||||||
| BACK | |||||||||