CVE-2016-9169 - OpenCVE

A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Groupwise

Configuration 1 [-]

cpe:2.3:a:novell:groupwise:2014:r2_sp1:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/97318
https://www.novell.com/support/kb/doc.php?id=7018371

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2017-03-23T06:36:00

Updated: 2024-08-06T02:42:10.947Z

Reserved: 2016-11-03T00:00:00

Link: CVE-2016-9169

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-03-23T06:59:00.640

Modified: 2023-11-07T02:36:48.720

Link: CVE-2016-9169

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Novell GroupWise", "vendor": "n/a", "versions": [{"status": "affected", "version": "Novell GroupWise"}]}], "datePublic": "2017-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."}], "problemTypes": [{"descriptions": [{"description": "XSS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:40", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.novell.com/support/kb/doc.php?id=7018371"}, {"name": "97318", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97318"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2016-9169", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Novell GroupWise", "version": {"version_data": [{"version_value": "Novell GroupWise"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XSS"}]}]}, "references": {"reference_data": [{"name": "https://www.novell.com/support/kb/doc.php?id=7018371", "refsource": "CONFIRM", "url": "https://www.novell.com/support/kb/doc.php?id=7018371"}, {"name": "97318", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97318"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:10.947Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.novell.com/support/kb/doc.php?id=7018371"}, {"name": "97318", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97318"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-9169", "datePublished": "2017-03-23T06:36:00", "dateReserved": "2016-11-03T00:00:00", "dateUpdated": "2024-08-06T02:42:10.947Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:groupwise:2014:r2_sp1:*:*:*:*:*:*", "matchCriteriaId": "C8D27FE5-CC84-4DB2-A8D7-87B733A37F69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks."}, {"lang": "es", "value": "Existe una vulnerabilidad de XSS reflejada en la consola web de Document Viewer Agent en Novell GroupWise en versiones anteriores a 2014 R2 Support Pack 1 Hot Patch 2 puede permitir a un atacante remoto ejecutar JavaScript en el contexto de una sesi\u00f3n de explorador de un usuario v\u00e1lido haciendo que haga clic en un enlace manipulado. Esto podr\u00eda provocar el comprometimiento de sesi\u00f3n u otros ataques basados en navegador."}], "id": "CVE-2016-9169", "lastModified": "2023-11-07T02:36:48.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-23T06:59:00.640", "references": [{"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/97318"}, {"source": "security@opentext.com", "url": "https://www.novell.com/support/kb/doc.php?id=7018371"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}