7 lines
No EOL
482 B
Text
7 lines
No EOL
482 B
Text
source: http://www.securityfocus.com/bid/14310/info
|
|
|
|
Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This may be used to inject hostile HTML and script code into the Web mail application. When a user opens an email containing the hostile code, it may be rendered in their browser.
|
|
|
|
Successful exploitation could potentially allow theft of cookie-based authentication. Other attacks are also possible.
|
|
|
|
<IMG SRC="jAvascript:alert(document.cookie)"> |