Cross-site Scripting Vulnerability in Novell eDirectory's iMonitor
CVE-2014-5212

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 19 December 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the 'nds/search/data' component of the iMonitor in Novell eDirectory versions prior to 8.8 SP8 Patch 4. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through the 'rdn' parameter, potentially compromising the security of user sessions and leading to unauthorized access. Organizations using affected versions are urged to apply the latest patches and take precautionary measures to protect their web applications from potential exploitation.

References

https://bugzilla.novell.com/show_bug.cgi?id=904134

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/534284

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id/1031408

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 19, 2014
Vulnerability Reserved
Aug 13, 2014