Novell : Security Vulnerabilities, CVEs, Published In 2011 (XSS)

CVE-2010-2778

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
Max CVSS
4.3
EPSS Score
0.49%
Published
2011-01-28
Updated
2011-01-31

CVE-2010-2779

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
Max CVSS
4.3
EPSS Score
0.49%
Published
2011-01-28
Updated
2011-01-31

CVE-2010-4322

Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
Max CVSS
3.5
EPSS Score
0.06%
Published
2011-01-07
Updated
2018-10-10

CVE-2010-4324

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.65%
Published
2011-01-07
Updated
2017-08-17

CVE-2010-4716

Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.69%
Published
2011-01-31
Updated
2011-02-16

CVE-2011-0462

Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.15%
Published
2011-04-10
Updated
2011-04-22

CVE-2011-1696

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
Max CVSS
4.3
EPSS Score
0.21%
Published
2011-10-08
Updated
2011-11-22

CVE-2011-2224

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2011-08-09
Updated
2015-10-29

CVE-2011-2226

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.
Max CVSS
4.3
EPSS Score
0.17%
Published
2011-08-23
Updated
2017-08-29

CVE-2011-2227

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603.
Max CVSS
4.3
EPSS Score
0.21%
Published
2011-10-08
Updated
2011-11-22

CVE-2011-2644

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
Max CVSS
4.3
EPSS Score
0.42%
Published
2011-08-23
Updated
2017-08-29

CVE-2011-2650

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display.
Max CVSS
4.3
EPSS Score
0.42%
Published
2011-08-23
Updated
2017-08-29

CVE-2011-2652

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file.
Max CVSS
4.3
EPSS Score
0.42%
Published
2011-08-23
Updated
2017-08-29

CVE-2011-2661

Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
Max CVSS
4.3
EPSS Score
0.30%
Published
2011-10-08
Updated
2012-05-14
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close