Sunday, July 25, 2010

ZDI : Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities

Users of ZDI, please be advised that multiple cross-site scripting vulnerabilities have been identified in Novell Groupwise WebAccess.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com

ZDI-10-135: Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities

-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability.



The specific flaw exists within handling html messages sent to a Novell Groupwise WebAccess user. Messages are improperly sanitized allowing client side script to be supplied to the user's web browser resulting in the user's WebAccess credentials being compromised.