Zero Day Initiative Advisory 10-135 - This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling html messages sent to a Novell Groupwise WebAccess user. Messages are improperly sanitized allowing client side script to be supplied to the user's web browser resulting in the user's WebAccess credentials being compromised.
d9a2608c117c28f405f37042b1fa11dd1fd848c441fad6887c142f2403ce65b3