CVE-2017-7590

OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openidm_project:openidm:*:*:*:*:*:*:*:*
cpe:2.3:a:openidm_project:openidm:4.5.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:32

Type Values Removed Values Added
References () http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/ - Exploit, Third Party Advisory () http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/ - Exploit, Third Party Advisory
References () http://www.securityfocus.com/bid/98044 - () http://www.securityfocus.com/bid/98044 -
References () https://backstage.forgerock.com/knowledge/kb/article/a92936505 - Mitigation, Third Party Advisory () https://backstage.forgerock.com/knowledge/kb/article/a92936505 - Mitigation, Third Party Advisory

Information

Published : 2017-04-09 01:59

Updated : 2024-11-21 03:32


NVD link : CVE-2017-7590

Mitre link : CVE-2017-7590

CVE.ORG link : CVE-2017-7590


JSON object : View

Products Affected

openidm_project

  • openidm
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')