4.3

CVE-2013-1087

Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NovellGroupwise Updatehp3 Version <= 8.03
   MicrosoftWindows
NovellGroupwise Version6.5
   MicrosoftWindows
NovellGroupwise Version6.5 Updatesp1
   MicrosoftWindows
NovellGroupwise Version6.5 Updatesp2
   MicrosoftWindows
NovellGroupwise Version6.5 Updatesp3
   MicrosoftWindows
NovellGroupwise Version6.5 Updatesp4
   MicrosoftWindows
NovellGroupwise Version6.5 Updatesp5
   MicrosoftWindows
NovellGroupwise Version6.5 Updatesp6
   MicrosoftWindows
NovellGroupwise Version6.5.2
   MicrosoftWindows
NovellGroupwise Version6.5.3
   MicrosoftWindows
NovellGroupwise Version6.5.4
   MicrosoftWindows
NovellGroupwise Version6.5.6
   MicrosoftWindows
NovellGroupwise Version6.5.7
   MicrosoftWindows
NovellGroupwise Version7.0
   MicrosoftWindows
NovellGroupwise Version7.0.3 Updatehp4
   MicrosoftWindows
NovellGroupwise Version7.0.3 Updatehp5
   MicrosoftWindows
NovellGroupwise Version7.0.4
   MicrosoftWindows
NovellGroupwise Version7.0.4 Updateftf
   MicrosoftWindows
NovellGroupwise Version7.01
   MicrosoftWindows
NovellGroupwise Version7.01 Updateir1
   MicrosoftWindows
NovellGroupwise Version7.02
   MicrosoftWindows
NovellGroupwise Version7.02 Updatehp1
   MicrosoftWindows
NovellGroupwise Version7.02 Updatehp1a
   MicrosoftWindows
NovellGroupwise Version7.02 Updatehp2
   MicrosoftWindows
NovellGroupwise Version7.02 Updatehp2r1
   MicrosoftWindows
NovellGroupwise Version7.03
   MicrosoftWindows
NovellGroupwise Version7.03 Updatehp
   MicrosoftWindows
NovellGroupwise Version7.03 Updatehp2
   MicrosoftWindows
NovellGroupwise Version7.03 Updatehp3
   MicrosoftWindows
NovellGroupwise Version8.0
   MicrosoftWindows
NovellGroupwise Version8.00 Updatehp1
   MicrosoftWindows
NovellGroupwise Version8.00 Updatehp2
   MicrosoftWindows
NovellGroupwise Version8.00 Updatehp3
   MicrosoftWindows
NovellGroupwise Version8.01
   MicrosoftWindows
NovellGroupwise Version8.01 Updatehp
   MicrosoftWindows
NovellGroupwise Version8.02
   MicrosoftWindows
NovellGroupwise Version8.02 Updatehp1
   MicrosoftWindows
NovellGroupwise Version8.02 Updatehp2
   MicrosoftWindows
NovellGroupwise Version8.02 Updatehp3
   MicrosoftWindows
NovellGroupwise Version8.03
   MicrosoftWindows
NovellGroupwise Version8.03 Updatehp1
   MicrosoftWindows
NovellGroupwise Version8.03 Updatehp2
   MicrosoftWindows
NovellGroupwise Version2012
   MicrosoftWindows
NovellGroupwise Version2012 Updatesp1
   MicrosoftWindows
NovellGroupwise Version2012 Updatesp1_hp1
   MicrosoftWindows
NovellGroupwise Version2012 Updatesp2
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.58% 0.851
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.