Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Groupwise | 5.57e |
| Novell | Groupwise Webaccess | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28778Vendor Advisory
- http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb4
- http://www.osvdb.org/27531
- http://www.securityfocus.com/bid/27582
- http://www.securitytracker.com/id?1019302
- http://www.vupen.com/english/advisories/2008/0395
- http://secunia.com/advisories/28778Vendor Advisory
- http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb4
- http://www.osvdb.org/27531
- http://www.securityfocus.com/bid/27582
- http://www.securitytracker.com/id?1019302
- http://www.vupen.com/english/advisories/2008/0395
FAQ
What is CVE-2006-4220?
CVE-2006-4220 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1...
How severe is CVE-2006-4220?
CVE-2006-4220 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4220?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Groupwise, Novell Groupwise Webaccess.