Cross-Site Scripting Vulnerability in Novell Data Synchronizer
CVE-2011-2224

Currently unrated

Key Information:

Vendor

Novell
Status
Mobility Pack
Data Synchronizer
Vendor
CVE Published:
9 August 2011

What is CVE-2011-2224?

The Novell Data Synchronizer, in versions prior to 1.2, lacks the HTTPOnly flag in the Set-Cookie header, making it susceptible to cross-site scripting (XSS) attacks. This weakness allows remote attackers to exploit the application through various unspecified vectors, potentially intercepting sensitive user information or executing malicious scripts within the user’s browser.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/45527
third-party-advisoryx_refsource_SECUNIA
http://www.novell.com/support/viewContent.do?externalId=7...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/49069
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.