My Favorites


Please to see your favorites.

Security Vulnerability - GroupWise 8 WebPublisher Cross-Site Scripting (XSS)

This document (7007158) is provided subject to the disclaimer at the end of this document.


Novell GroupWise 8
Novell GroupWise 8 WebPublisher
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP in order to secure their system.


The WebPublisher component of GroupWise WebAccess is vulnerable to a potential Cross-Site Scripting (XSS) exploit that could potentially be used to redirect users to a malicious website.

This vulnerability was discovered and reported by Pat Bergoch at Amerimark (http://www.amerimark.com/)

Novell bug 651159, CVE number pending


To resolve this security issue, update GroupWise WebPublisher to version 8.02 Hot Patch (or later).


Security Alert

Bug Number



This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7007158
  • Creation Date:04-NOV-10
  • Modified Date:26-APR-12
    • NovellGroupWise

Did this document solve your problem? Provide Feedback