Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html
www.securityfocus.com/bid/49935
www.securitytracker.com/id?1026138
bugzilla.novell.com/show_bug.cgi?id=692972