MOABI : Continuous Software Improvement

CVE-2009-4662
Description	Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.
Impact	CVSS v2 : 4.3 MEDIUM
Type	CWE-79
Attack Vector	CVSSv2 Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	http://secunia.com/advisories/36746 http://www.novell.com/support/viewContent.do?externalId=7004410&sliceId=1 http://www.securityfocus.com/bid/36437 http://www.securitytracker.com/id?1022910 http://www.vupen.com/english/advisories/2009/2689 https://exchange.xforce.ibmcloud.com/vulnerabilities/53322