CVE-2009-1762

Name of the Vulnerable Software and Affected Versions: Novell GroupWise versions prior to 7.03 HP2

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the WebAccess login page. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the GWAP.version or User.Theme (also known as User.Theme.index) parameters.

Recommendations: For versions prior to 7.03 HP2, update to version 7.03 HP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebAccess login page or avoiding the use of the GWAP.version and User.Theme parameters until the update is applied.