CVE-2017-5183
NetIQ Access Manager is affected: versions 4.2.2 and 4.3.x prior to 4.3.1+ contain an XSS flaw in the AssertionConsumerServiceURL field of a signed samlp:AuthnRequest when acting as Identity Server. The root cause is a cross-site scripting vulnerability in that URL field within the AuthnRequest. ...