Cross-site Scripting Vulnerability in Novell Identity Manager Approval Form
CVE-2010-4324

Currently unrated

Key Information:

Vendor: Novell
Status: Identity Manager Roles Based Provisioning Module; Identity Manager
Vendor: CVE Published:; 7 January 2011

What is CVE-2010-4324?

The Approval Form in the User Application of Novell Identity Manager's Roles Based Provisioning Module versions prior to 370D are susceptible to a Cross-site Scripting (XSS) vulnerability. This flaw permits remote attackers to inject arbitrary web scripts or HTML through various unspecified vectors, potentially compromising user data and application integrity.

References

http://osvdb.org/70298

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2011/0038

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/45692

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2011
Vulnerability Reserved
Nov 29, 2010