VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 8, 2011· Updated Apr 29, 2026

CVE-2011-2661

CVE-2011-2661

Description

Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerabilities in Novell GroupWise 8.0 WebAccess allow remote attackers to inject arbitrary HTML/script via Directory.Item parameters.

Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities exist in the WebAccess component of Novell GroupWise 8.0 before Hot Patch 3 (HP3). The flaws are located in the Directory.Item.name and Directory.Item.displayName parameters. Affected versions include GroupWise 8.0.x up to and including 8.02HP2 [1].

Exploitation

An unauthenticated remote attacker can exploit these vulnerabilities by crafting a malicious URL containing arbitrary HTML or script code in the Directory.Item.name or Directory.Item.displayName parameters. When a victim user accesses the crafted URL via WebAccess, the injected script executes in the context of the user's browser session [1].

Impact

Successful exploitation allows the attacker to execute arbitrary web script or HTML in the victim's browser, potentially leading to information disclosure, session hijacking, or other malicious actions within the GroupWise WebAccess session [1].

Mitigation

Novell released GroupWise 8.0 Hot Patch 3 (HP3) to address these vulnerabilities. Users should upgrade to GroupWise 8.02HP3 or later. Earlier versions are no longer supported and remain vulnerable [1].

References
  1. GroupWise 8 WebAccess Cross-site scripting (XSS) issue in "Directory.Item" Parameters

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Novell/Groupwise4 versions
    cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:novell:groupwise:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:8.0:hp1:*:*:*:*:*:*
    • cpe:2.3:a:novell:groupwise:8.0:hp2:*:*:*:*:*:*
    • (no CPE)range: 8.0 before HP3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.