First published: Thu Apr 20 2017(Updated: )
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
Micro Focus GroupWise | <=2012 | |
Micro Focus GroupWise | =2014 | |
Micro Focus GroupWise | =2014-r2 | |
Micro Focus GroupWise | =2014-sp1 | |
Micro Focus GroupWise | =2014-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-5761 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
To fix CVE-2016-5761, you should upgrade to Novell GroupWise 2014 R2 Service Pack 1 Hot Patch 1 or later versions.
CVE-2016-5761 can be exploited by remote attackers to inject arbitrary web script or HTML through crafted emails.
CVE-2016-5761 affects Novell GroupWise versions prior to 2014 R2 Service Pack 1 Hot Patch 1, including versions up to 2012.
Exploitation of CVE-2016-5761 typically requires the user to open a crafted email, enabling the attack.