Novell Groupwise 6.5 Webaccess - HTML Injection
| EKU-ID: 31333 | CVE: CVE-2005-2276;OSVDB-18064 | OSVDB-ID: |
| Author: Francisco Amato | Published: 2005-07-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 31333 | CVE: CVE-2005-2276;OSVDB-18064 | OSVDB-ID: |
| Author: Francisco Amato | Published: 2005-07-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/14310/info Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This may be used to inject hostile HTML and script code into the Web mail application. When a user opens an email containing the hostile code, it may be rendered in their browser. Successful exploitation could potentially allow theft of cookie-based authentication. Other attacks are also possible. <IMG SRC="jAvascript:alert(document.cookie)">