Medium severity6.1NVD Advisory· Published Apr 20, 2017· Updated Jun 17, 2026
CVE-2016-5760
CVE-2016-5760
Description
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:novell:groupwise:*:*:*:*:*:*:*:*range: <=2012
- cpe:2.3:a:novell:groupwise:2014:-:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:2014:r2:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:2014:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:groupwise:2014:sp2:*:*:*:*:*:*
- (no CPE)range: <2014 R2 Service Pack 1 Hot Patch 1
- Range: <2014 R2 Service Pack 1 Hot Patch 1
Patches
Vulnerability mechanics
References
6- packetstormsecurity.com/files/138503/Micro-Focus-GroupWise-Cross-Site-Scripting-Overflows.htmlnvd
- seclists.org/fulldisclosure/2016/Aug/123nvd
- www.securityfocus.com/archive/1/539296/100/0/threadednvd
- www.securityfocus.com/bid/92646nvd
- www.novell.com/support/kb/doc.phpnvd
- www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160825-0_Micro_Focus_GroupWise_Multiple_vulnerabilities_v10.txtnvd
News mentions
0No linked articles in our index yet.