HTTP: Micro Focus GroupWise Admin Console index.jsp PoaCmd Cross Site Scripting
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.
Extended Description
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
Affected Products
Novell groupwise
Short Name
HTTP:MICROFOCUS-INDEX-XSS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Admin CVE-2016-5760 Console Cross Focus GroupWise Micro PoaCmd Scripting Site index.jsp
Release Date
11/14/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Novell
CVSS Score
4.3