Cross-Site Scripting Vulnerability in Novell ZENworks Configuration Management
CVE-2013-1097

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 17 June 2013

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the ZCC page of njwc.jar in Novell ZENworks Configuration Management, which affects versions prior to the 11.2.3a Monthly Update 1. This vulnerability enables remote attackers to inject arbitrary web scripts or HTML into pages, specifically through onload event vectors. Exploiting this flaw could lead to unauthorized actions on behalf of users, compromising user data and session integrity.

References

http://www.novell.com/support/kb/doc.php?id=7012027

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012025

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012502

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 17, 2013
Vulnerability Reserved
Jan 11, 2013