Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Novell GroupWise WebAccess gw/webacc多个跨站脚本漏洞
Vulnerability Description
Novell GroupWise是美国Novell公司的一套协作通讯系统。该系统提供了电子邮件、日程安排、即时通讯、任务管理、文档管理以及联系人管理等协作通讯服务。 Groupwise WebAccess的登录页面(https://www.website.com/gw/webacc)没有正确地验证用户在登陆请求中所提交的GWAP.version、User.Theme.index、User.lang等字段,远程攻击者可以通过提交恶意请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A