Upstream information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.SUSE information
Overall state of this security issue: Does not affect SUSE products
No SUSE Bugzilla entries cross referenced.SUSE Security Advisories:
- TID7017973, published Sa 3. Mär 12:03:03 CET 2018
SUSE Timeline for this CVE
CVE page created: Thu Apr 20 21:15:32 2017CVE page last modified: Tue Jul 1 12:28:37 2025