Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

Security Vulnerability - GroupWise 8 WebAccess Cross-site scripting (XSS) issue in "Directory.Item" Parameters

This document (7009214) is provided subject to the disclaimer at the end of this document.


Novell GroupWise 8
Novell GroupWise 8 WebAccess
GroupWise 8.0x up to (and including) 8.02HP2


GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit in the "" and "Directory.Item.displayName" parameters whereby an attacker could potentially insert arbitrary HTML and script code that will be executed in a user's browser session.
This vulnerability was discovered and reported by Joshua Tiago, Cirosec via Secunia (, Secunia advisory SA44328).


To resolve this issue, apply GroupWise 8.0 Hot Patch 3 (HP3) or later.
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their WebAccess servers and associated Domains to version 8.02HP3 in order to secure their system.


Security Alert

Bug Number



This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7009214
  • Creation Date:19-AUG-11
  • Modified Date:26-APR-12
    • NovellGroupWise

Did this document solve your problem? Provide Feedback