Cross-site Scripting Vulnerability in Novell User Application and Identity Manager Roles Based Provisioning Module
CVE-2008-5095

Currently unrated

Key Information:

Vendor: Novell
Status: Identity Manager Roles Based Provisioning Module; User Application
Vendor: CVE Published:; 14 November 2008

What is CVE-2008-5095?

A Cross-site Scripting (XSS) vulnerability exists in Novell User Application versions 3.0.1, 3.5.0, and 3.5.1, and in the Identity Manager Roles Based Provisioning Module versions 3.6.0 and 3.6.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML through unspecified vectors, potentially compromising the integrity of affected web interfaces and leading to unauthorized actions.

References

http://www.securityfocus.com/bid/30947

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1020792

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id?1020793

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2008
Vulnerability Reserved
Nov 14, 2008