CVE-2016-5761

Published: Apr 20, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.

Affected (5)

Products: Novell: Groupwise

Novell

1 product

Groupwise

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Novell Groupwise	Up to 2012
Novell Groupwise	Version 2014
Novell Groupwise	Version 2014 r2
Novell Groupwise	Version 2014 sp1
Novell Groupwise	Version 2014 sp2

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html

Source: security@opentext.com

http://seclists.org/fulldisclosure/2016/Aug/123

Source: security@opentext.com

http://www.securityfocus.com/archive/1/539296/100/0/threaded

Source: security@opentext.com

http://www.securityfocus.com/bid/92645

Source: security@opentext.com

https://www.novell.com/support/kb/doc.php?id=7017974

Source: security@opentext.com

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txt

Source: security@opentext.com

http://packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.html