Cross-Site Scripting Vulnerability in Novell Data Synchronizer
CVE-2011-2224

Currently unrated

Key Information:

Vendor: Novell
Status: Mobility Pack; Data Synchronizer
Vendor: CVE Published:; 9 August 2011

What is CVE-2011-2224?

The Novell Data Synchronizer, in versions prior to 1.2, lacks the HTTPOnly flag in the Set-Cookie header, making it susceptible to cross-site scripting (XSS) attacks. This weakness allows remote attackers to exploit the application through various unspecified vectors, potentially intercepting sensitive user information or executing malicious scripts within the user’s browser.

References

http://secunia.com/advisories/45527

third-party-advisoryx_refsource_SECUNIA

http://www.novell.com/support/viewContent.do?externalId=7...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/49069

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2011
Vulnerability Reserved
Jun 2, 2011