Cross-Site Scripting Vulnerability in Novell ZENworks Configuration Management
CVE-2013-1095

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 17 June 2013

Summary

A cross-site scripting vulnerability exists in the ZCC page within the njwc.jar of Novell ZENworks Configuration Management. This flaw allows remote attackers to inject malicious scripts or HTML content by exploiting specific vectors that involve the onError event, potentially compromising the security of web applications and user data.

References

http://www.novell.com/support/kb/doc.php?id=7012500

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012027

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012025

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 17, 2013
Vulnerability Reserved
Jan 11, 2013