CVE-2010-4324

{"id": "CVE-2010-4324", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-01-07T19:00:17.983", "references": [{"url": "http://osvdb.org/70298", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42819", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/45692", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024941", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0038", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.novell.com/show_bug.cgi?id=653516", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64501", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Approval Form en User Application en Roles Based Provisioning Module v3.7.0 anteriores a 370D en Novell Identity Manager (tambi\u00e9n conocida como IDM) permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de\r\nvectores no especificados."}], "lastModified": "2017-08-17T01:33:09.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:identity_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B15CB5E-A7FD-4917-9A7D-99598BEE202A"}, {"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3609B364-9152-4448-A156-041BF5D289ED", "versionEndIncluding": "3.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}