VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 31, 2011· Updated Apr 29, 2026

CVE-2010-4716

CVE-2010-4716

Description

Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) vulnerability in Novell GroupWise WebPublisher before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability

The WebPublisher component of Novell GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) issue in versions prior to 8.02HP. The vulnerability exists due to insufficient sanitization of user-supplied input via unspecified vectors, allowing arbitrary web script or HTML injection.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious link or input that, when accessed by a user, executes arbitrary script in the context of the GroupWise WebPublisher. No authentication is required, but user interaction is necessary (e.g., clicking a crafted link). The exact attack vector is not disclosed in the available references.

Impact

Successful exploitation allows the attacker to execute arbitrary script in the victim's browser, potentially leading to session hijacking, credential theft, or redirection to malicious websites. The impact is limited to the user's browser session and does not directly affect the server.

Mitigation

Update to GroupWise WebPublisher version 8.02 Hot Patch (8.02HP) or later. Previous versions are no longer supported and should be upgraded. No other workaround is provided in the references [1].

References
  1. GroupWise 8 WebPublisher Cross-Site Scripting (XSS)

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

33
  • Novell/Groupwise33 versions
    cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*+ 32 more
    • cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*range: <=8.0.2
    • cpe:2.3:a:novell:groupwise:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:4.1a:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:5.57e:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:5.5:*:enhancement_pack:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.0:sp5:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:8.0.1:*:*:*:*:*:*:*
    • (no CPE)range: <8.02HP

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.