NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
CPE | Name | Operator | Version |
---|---|---|---|
access_manager | eq | 4.3 | |
access_manager | eq | 4.3.1 | |
access_manager | eq | 4.2.2 |