Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 01:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html - | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html - | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html - | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html - | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html - | |
References | () http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html - | |
References | () http://www.securityfocus.com/bid/49935 - | |
References | () http://www.securitytracker.com/id?1026138 - | |
References | () https://bugzilla.novell.com/show_bug.cgi?id=692972 - |
Information
Published : 2011-10-08 02:52
Updated : 2024-11-21 01:26
NVD link : CVE-2011-1696
Mitre link : CVE-2011-1696
CVE.ORG link : CVE-2011-1696
JSON object : View
Products Affected
novell
- identity_manager_roles_based_provisioning_module
- identity_manager_user_application
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')