Cross-Site Scripting Vulnerability in Novell Identity Manager and Roles Based Provisioning Module
CVE-2011-1696

Currently unrated

Key Information:

Vendor: Novell
Status: Identity Manager Roles Based Provisioning Module
Vendor: CVE Published:; 8 October 2011

Summary

A cross-site scripting (XSS) vulnerability exists in Novell Identity Manager User Application and its Roles Based Provisioning Module, allowing remote attackers to inject arbitrary web scripts or HTML via a maliciously crafted request targeting the apwaDetail parameter. This exploitation could lead to the unauthorized execution of scripts in the context of the user’s session, potentially compromising sensitive information and the integrity of web applications.

References

http://support.novell.com/docs/Readmes/InfoDocument/patch...

x_refsource_CONFIRM

http://support.novell.com/docs/Readmes/InfoDocument/patch...

x_refsource_CONFIRM

https://bugzilla.novell.com/show_bug.cgi?id=692972

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 8, 2011
Vulnerability Reserved
Apr 15, 2011