Unrated severityNVD Advisory· Published Dec 31, 2006· Updated Jun 16, 2026
CVE-2006-4220
CVE-2006-4220
Description
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*
cpe:2.3:a:novell:groupwise_webaccess:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:novell:groupwise_webaccess:*:*:*:*:*:*:*:*
- (no CPE)range: <=7.0.2
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.