iManager vulnerable to XSS via Improper Input Validation
CVE-2020-11859

5.4MEDIUM

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 6 November 2024

Summary

An improper input validation vulnerability exists in OpenText iManager, which allows an attacker to exploit the application and execute Cross-Site Scripting (XSS) attacks. This vulnerability potentially permits the injection of malicious scripts into web pages viewed by other users, compromising their data and enabling session hijacking. Systems utilizing versions of iManager prior to 3.2.3 are susceptible to this security flaw, necessitating immediate action to upgrade to a secure version and mitigate risk.

Affected Version(s)

iManager Windows 3.2.3

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 6, 2024
Vulnerability Reserved
Apr 16, 2020