Cross-Site Scripting Vulnerabilities in NetIQ Access Manager by Novell
CVE-2014-5216
Currently unrated
What is CVE-2014-5216?
NetIQ Access Manager versions 4.x prior to 4.0.1 HF3 are affected by multiple cross-site scripting (XSS) vulnerabilities. These issues allow remote attackers to inject arbitrary web scripts or HTML through various parameters, including 'location' in the 'dev.Empty' action, 'error' in 'nidp/jsp/x509err.jsp', 'lang' in 'sslvpn/applet_agent.jsp', and 'secureLoggingServersA' in 'roma/system/cntl'. This presents significant risks to web application security and necessitates urgent action to mitigate potential threats.