Lucene search

MicrofocusCVELIST:CVE-2017-9276

HistoryNov 20, 2017 - 12:00 a.m.

CVE-2017-9276 XSS Vulnerability in iManager

2017-11-2000:00:00

CWE-79

microfocus

www.cve.org

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

34.4%

JSON

Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the “a” parameter.

CNA Affected

[
  {
    "product": "Access Manager",
    "vendor": "NetIQ",
    "versions": [
      {
        "lessThan": "4.3.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.novell.com/support/kb/doc.php?id=7022359

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

34.4%

JSON

Related for CVELIST:CVE-2017-9276