Vulnerability Details : CVE-2012-4912
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2012-4912
- cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.00:hp1:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.00:hp2:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.02:hp2:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.02:hp3:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.01:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.01:hp:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.02:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.02:hp1:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:8.00:hp3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4912
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-4912
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-4912
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4912
-
http://www.securitytracker.com/id?1027614
Novell GroupWise WebAccess Input Validation Flaw in HTML Email Permits Cross-Site Scripting Attacks - SecurityTracker
-
http://www.novell.com/support/kb/doc.php?id=7010768
Security Vulnerability: Cross-Site Scripting (XSS issue) in GroupWise WebAccessVendor Advisory
-
https://bugzilla.novell.com/show_bug.cgi?id=702788
Access Denied
-
http://download.novell.com/Download?buildid=O5hTjIiMdMo~
Downloads - GroupWise 8.0 SP3 Hot Patch 1 Full Release for Windows and NLM ENPatch
-
http://www.securityfocus.com/bid/55814
Novell GroupWise CVE-2012-4912 HTML Injection Vulnerability
-
https://bugzilla.novell.com/show_bug.cgi?id=745425
Access Denied
Jump to