Short Name |
HTTP:MICROFOCUS-INDEX-XSS |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Micro Focus GroupWise Admin Console index.jsp PoaCmd Cross Site Scripting |
Release Date |
2016/11/14 |
Update Number |
2804 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.