CVE-2017-7419

A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:50

Type Values Removed Values Added
References (CONFIRM) https://www.novell.com/support/kb/doc.php?id=7019893 - Vendor Advisory () https://www.novell.com/support/kb/doc.php?id=7019893 -
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1031853 - Issue Tracking, Permissions Required, Third Party Advisory () https://bugzilla.suse.com/show_bug.cgi?id=1031853 -

Information

Published : 2018-03-02 20:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-7419

Mitre link : CVE-2017-7419

CVE.ORG link : CVE-2017-7419


JSON object : View

Products Affected

netiq

  • access_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')