CVE-2009-0273

Name of the Vulnerable Software and Affected Versions Novell GroupWise WebAccess versions 6.5x through 8.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially affecting a large number of devices worldwide. This can be achieved via several vectors, including the User.id and Library.queryText parameters to "gw/webacc", as well as through HTML e-mail and HTML attachments.

Recommendations For Novell GroupWise WebAccess versions 6.5x through 8.0, consider restricting access to the vulnerable parameters User.id and Library.queryText in the "gw/webacc" endpoint until a patch is available. Additionally, avoid using HTML e-mail and HTML attachments in these versions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.