Cross site scripting

2007-01-0900:28:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

CPENameOperatorVersion
access_manager_identity_serverle3

CPE	Name	Operator	Version
	access_manager_identity_server	le	3

References

osvdb.org/31359

secunia.com/advisories/23654

securitytracker.com/id?1017483

www.securityfocus.com/bid/21921

www.vupen.com/english/advisories/2007/0073

secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html