CVE-2012-6344
https://notcve.org/view.php?id=CVE-2012-6344
Novell ZENworks Configuration Management before 11.2.4 allows XSS. Novell ZENworks Configuration Management versiones anteriores a 11.2.4, permite un ataque de tipo XSS. • https://support.microfocus.com/kb/doc.php?id=7012761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1093
https://notcve.org/view.php?id=CVE-2013-1093
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. Vulnerabilidad de redirección abierta en la función fwdToURL la pagina de login de ZCC en zcc-framework.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través del parámetro directToPage. • http://www.novell.com/support/kb/doc.php?id=7012025 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.novell.com/support/kb/doc.php?id=7012499 • CWE-20: Improper Input Validation •
CVE-2013-1094
https://notcve.org/view.php?id=CVE-2013-1094
Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en zenworks-core en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un "locale" invalido. • http://www.novell.com/support/kb/doc.php?id=7012025 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.novell.com/support/kb/doc.php?id=7012501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1095
https://notcve.org/view.php?id=CVE-2013-1095
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican un evento onError. • http://www.novell.com/support/kb/doc.php?id=7012025 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.novell.com/support/kb/doc.php?id=7012500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1097
https://notcve.org/view.php?id=CVE-2013-1097
Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event. Vulnerabilidad Cross-site scripting (XSS) en la pagina ZCC en njwc.jar en Novell ZENworks Configuration Management (ZCM) v11.2 anterior a v11.2.3a Monthly Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican un evento onload. • http://www.novell.com/support/kb/doc.php?id=7012025 http://www.novell.com/support/kb/doc.php?id=7012027 http://www.novell.com/support/kb/doc.php?id=7012502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •