Cross-Site Scripting Vulnerability in Novell Identity Manager Product by Novell
CVE-2013-1096

Currently unrated

Key Information:

Vendor: Novell
Status: Identity Manager Roles Based Provisioning Module
Vendor: CVE Published:; 28 December 2013

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the Roles Based Provisioning Module of Novell Identity Manager versions prior to Field Patch D. This flaw enables remote attackers to inject arbitrary web scripts or HTML into web pages viewed by other users through the manipulation of a taskDetail taskId. Successful exploitation could lead to unauthorized actions or phishing attacks against users accessing the compromised site.

References

http://www.securitytracker.com/id/1029532

vdb-entryx_refsource_SECTRACK

https://bugzilla.novell.com/show_bug.cgi?id=819115

x_refsource_CONFIRM

http://download.novell.com/Download?buildid=dnDbmYe8PZc~

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 28, 2013
Vulnerability Reserved
Jan 11, 2013