Medium severity6.1NVD Advisory· Published Mar 23, 2017· Updated May 13, 2026

CVE-2016-9169

Description

A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.

Affected products

N/a/Novell Groupwisev5
Range: Novell GroupWise
Novell/Groupwise
cpe:2.3:a:novell:groupwise:2014:r2_sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/97318nvd
www.novell.com/support/kb/doc.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000