Page 4 of 21 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del CGI nrfEntitlementReport.do. • http://www.securityfocus.com/bid/93973 https://download.novell.com/Download?buildid=QgHXVOxv310~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del valor accessMgrDN del CGI forgotUser.do. • http://www.securityfocus.com/bid/93972 https://download.novell.com/Download?buildid=QgHXVOxv310~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603. Vulnerabilidad de cross-site scripting (XSS) en Novell Identity Manager (también conocido como IDM) User Application v3.5.0, v3.5.1, v3.6.0, v3.6.1, v3.7.0 y v4.0.0, e Identity Manager Roles Based Provisioning Module v3.6.0, v3.6.1, v3.7.0,y v4.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro apwaDetail (también conocido como apwaDetailId), también conocido como Bug 709603. • http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html http://www.securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Novell Identity Manager (también conocido como IDM) User Application v3.5.0, v3.5.1, v3.6.0, v3.6.1, v3.7.0, y v4.0.0, y Identity Manager Roles Based Provisioning Module v3.6.0, v3.6.1, v3.7.0, y v4.0.0, permite a atacantes remotos inyectar código web script o HTML a través del parámetro apwaDetail (también conocido como apwaDetailId), también conocido como Bug 692972. • http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html http://www.securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. El motor de instalación en Novell Identity Manager (también conocido como IDM) v3.6.1 almacena las credenciales del árbol de administrador en p/idmInstall.log, lo que permite a usuarios locales obtener información mediante la lectura de este archivo. • http://secunia.com/advisories/41194 http://www.novell.com/support/viewContent.do?externalId=7006705 http://www.vupen.com/english/advisories/2010/2226 • CWE-255: Credentials Management Errors •