Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

GroupWise WebAccess - Cross Site Scripting (XSS) Security Vulnerability in User.Theme.index parameter

This document (7004410) is provided subject to the disclaimer at the end of this document.


Novell GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit via script injections in the User.Theme.index parameter, which could potentially allow an attacker to redirect users to a malicious site. 

Affected versions:
GroupWise 7.0 up to (and including) 7.03 HP3
GroupWise 8.0 up to (and including) 8.0.0 HP2

This vulnerability was discovered and reported by Matt Foster - Netcraft, Ltd. ( 

Novell bugs 517592, 520671.  CVE number pending.


To resolve this issue:
For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 4 (HP4) or later
For GroupWise 8.0 systems, apply GroupWise 8.0 Support Pack 1 (SP1) or later


Security Alert

Bug Number

517592, 520671


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7004410
  • Creation Date:09-SEP-09
  • Modified Date:27-APR-12
    • NovellGroupWise

Did this document solve your problem? Provide Feedback