VYPR
Unrated severityNVD Advisory· Published Dec 31, 2006· Updated Jun 16, 2026

CVE-2006-4220

CVE-2006-4220

Description

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Novell/Groupwise5 versions
    cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:novell:groupwise_webaccess:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:novell:groupwise_webaccess:*:*:*:*:*:*:*:*
    • (no CPE)range: <=7.0.2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.