PT-2017-9983 · Novell · Novell GroupWise
Published: 2017-03-23 · Updated: 2017-04-05 · CVE-2016-9169
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Novell GroupWise versions prior to 2014 R2 Support Pack 1 Hot Patch 2
Description
A reflected XSS issue exists in the web console of the Document Viewer Agent, potentially allowing a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link, which could lead to session compromise or other browser-based attacks.
Recommendations
For versions prior to 2014 R2 Support Pack 1 Hot Patch 2, update to 2014 R2 Support Pack 1 Hot Patch 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Document Viewer Agent's web console to minimize the risk of exploitation.
Fix
XSS
Affected Products
Novell GroupWise