CVE-2009-1635 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-1635 Interim 1 1 2025-04-10T00:02:18Z current 2025-04-10T00:02:18Z 2025-04-10T00:02:18Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-1635 Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/kb/doc/?id=7003267 E-Mail link for TID7003267 https://www.suse.com/support/kb/doc/?id=7003268 E-Mail link for TID7003268 https://www.suse.com/support/kb/doc/?id=7003271 E-Mail link for TID7003271 https://www.suse.com/support/security/rating/ SUSE Security Ratings Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values. CVE-2009-1635 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N