CVE-2009-4662

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions 7.0 through 7.03 HP4 Novell GroupWise versions 8.0 through 8.0 SP1

Description A cross-site scripting (XSS) issue exists in the WebAccess component, allowing remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter. This could potentially lead to unauthorized actions on the affected system.

Recommendations For Novell GroupWise versions 7.0 through 7.03 HP4, update to version 7.03 HP4 or later. For Novell GroupWise versions 8.0 through 8.0 SP1, update to version 8.0 SP1 or later.