Scriptjunkie

**Name of the Vulnerable Software and Affected Versions** Novell GroupWise versions 8.0 through 8.0 SP1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted message, specifically related to "replies." **Recommendations** For Novell GroupWise versions 8.0 through 8.0 SP1, update to version 8.0 SP2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Novell GroupWise versions 7.x before 7.0 post-SP4 FTF Novell GroupWise versions 8.x before 8.0 SP2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in WebAccess, allowing remote attackers to inject arbitrary web script or HTML via a crafted message. This is associated with a "Javascript XSS exploit." **Recommendations** For Novell GroupWise versions 7.x before 7.0 post-SP4 FTF, update to version 7.0 post-SP4 FTF or later. For Novell GroupWise versions 8.x before 8.0 SP2, update to version 8.0 SP2 or later.

Name of the Vulnerable Software and Affected Versions: Frax.dk Php Recommend versions 1.3 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `form include template` parameter in the admin.php file. Recommendations: For Frax.dk Php Recommend versions 1.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Frax.dk Php Recommend versions 1.3 and earlier Description: The issue allows remote attackers to gain administrative privileges without authentication when the user password is changed. This is achieved by modifying the `form admin user` and `form admin pass` parameters in the admin.php file. Recommendations: For Frax.dk Php Recommend versions 1.3 and earlier, update to a version that requires authentication for user password changes to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the admin.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Frax.dk Php Recommend versions 1.3 and earlier Description: A static code injection issue exists, allowing remote attackers to inject arbitrary PHP code into phpre config.php via the `form aula` parameter in admin.php. Recommendations: For Frax.dk Php Recommend versions 1.3 and earlier, update to a version later than 1.3 to resolve the issue.