SSL: Micro Focus GroupWise Admin Console Cross Site Scripting

A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.

Extended Description

Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.

Affected Products

Novell groupwise

References

CVE: CVE-2016-5760

Short Name
SSL:MICROFOCUS-GROUPWISE-XSS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SSL
Keywords
Admin CVE-2016-5760 Console Cross Focus GroupWise Micro Scripting Site
Release Date
10/13/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Novell

CVSS Score

4.3

Found a potential security threat?