Cross-Site Scripting Vulnerability in Novell Access Manager Identity Server
CVE-2007-0110

Currently unrated

Key Information:

Vendor: Novell
Status: Access Manager Identity Server
Vendor: CVE Published:; 9 January 2007

Summary

A Cross-Site Scripting (XSS) vulnerability exists in Novell Access Manager Identity Server prior to version 3.0.0-1013. This flaw enables remote attackers to inject arbitrary web scripts or HTML into error messages via the IssueInstant parameter, leading to potential manipulation of the web pages viewed by users. Insecure handling of this parameter exposes sensitive user data and allows exploitation of the end-user's browser. Remediation steps are essential to prevent exploitation and protect user data.

References

http://secunia.com/advisories/23654

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/31359

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/21921

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 9, 2007
Vulnerability Reserved
Jan 8, 2007