Cross-Site Scripting Vulnerability in Novell ZENworks Configuration Management
CVE-2013-1094

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 17 June 2013

Summary

An XSS vulnerability exists in the ZCC page of Novell ZENworks Configuration Management that allows remote attackers to inject arbitrary web scripts or HTML through the use of an invalid locale. This issue affects various versions prior to the 11.2.3a Monthly Update 1, posing a risk to the application integrity and potentially allowing unauthorized actions on behalf of users who access the compromised page. It is crucial for users to apply the recommended updates to mitigate this security risk.

References

http://www.novell.com/support/kb/doc.php?id=7012501

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012027

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012025

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 17, 2013
Vulnerability Reserved
Jan 11, 2013