CVE-2010-2779
Description
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WebAccess in Novell GroupWise 8.x before 8.0 SP2 fails to sanitize crafted email replies, allowing XSS that can be used to steal credentials.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the WebAccess component of Novell GroupWise versions 8.x prior to 8.0 SP2. The flaw lies in how the application handles HTML-formatted messages when processing replies. An attacker can craft a message containing arbitrary script or HTML that is not properly sanitized by the WebAccess interface, leading to script execution in the browser of the victim who views the message [1].
Exploitation
This vulnerability can be exploited remotely without authentication. An attacker needs to send a specially crafted email message to a GroupWise WebAccess user. When the user views the message (specifically when interacting with a reply to the message), the unsanitized content executes in the context of the WebAccess session. No additional privileges or user interaction beyond viewing the message is required [1].
Impact
Successful exploitation allows the attacker to execute arbitrary client-side script in the victim's browser within the WebAccess session. The attacker can steal the user's WebAccess credentials (such as session tokens or cookies), potentially leading to account compromise and unauthorized access to the user's email and data. The CVSS score is 4.3, indicating medium severity with partial confidentiality impact [1].
Mitigation
Novell released GroupWise 8.0 SP2, which addresses this vulnerability. Users should upgrade to version 8.0 SP2 or later. No workarounds were identified in the available references. The vulnerability was disclosed via the Zero Day Initiative (ZDI-10-135) in July 2010 [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 3
Patches: 0
No patches discovered yet.
References: 3
News mentions: 0
No linked articles in our index yet.