CVE-2007-0110

Currently unrated

Key Information:

Vendor: Novell
Status: Access Manager Identity Server
Vendor: CVE Published:; 9 January 2007

Summary

Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

References

http://secunia.com/advisories/23654

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/31359

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/21921

vdb-entryx_refsource_BID

EPSS Score

3% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 9, 2007
Vulnerability Reserved
Jan 8, 2007

Collectors

NVD DatabaseMitre Database