Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
References
Configurations
History
21 Nov 2024, 03:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.novell.com/support/kb/doc.php?id=7022359 - | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.4 |
07 Nov 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.novell.com/support/kb/doc.php?id=7022359 - |
Information
Published : 2018-03-02 20:29
Updated : 2024-11-21 03:35
NVD link : CVE-2017-9276
Mitre link : CVE-2017-9276
CVE.ORG link : CVE-2017-9276
JSON object : View
Products Affected
netiq
- access_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')