CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14801 – Reflected xss in Admin Console REST interface
https://notcve.org/view.php?id=CVE-2017-14801
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter. Cross-Site Scripting (XSS) reflejado en NetIQ Access Manager, en versiones anteriores a la 4.3.3, permitía que atacantes reflejasen XSS en la página llamada empleando el parámetro url. • https://www.novell.com/support/kb/doc.php?id=7022357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14802 – Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs
https://notcve.org/view.php?id=CVE-2017-14802
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. Los servidores Novell Access Manager Admin Console y IDP en versiones anteriores a la 4.3.3 tienen una URL que podría ser empleada por atacantes remotos para desencadenar redirecciones sin validar a sitios de terceros. • https://www.novell.com/support/kb/doc.php?id=7022360 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9276 – XSS Vulnerability in iManager
https://notcve.org/view.php?id=CVE-2017-9276
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter. Novell Access Manager iManager, en versiones anteriores a la 4.3.3, no validaba parámetros, por lo que el contenido de Cross-Site Scripting (XSS) podía reflejarse de nuevo en la página de resultados mediante un parámetro "a". • https://www.novell.com/support/kb/doc.php?id=7022359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14799 – XSS Vulnerability with ESP URL
https://notcve.org/view.php?id=CVE-2017-14799
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page. Un ataque de Cross-Site Scripting (XSS) en la gestión del parámetro ESP login en NetIQ Access Manager, en versiones anteriores a la 4.3.3, podría emplearse para inyectar código JavaScript en la página de inicio de sesión. • https://www.novell.com/support/kb/doc.php?id=7022358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14800 – Reflected xss on Access Manager iManager UI
https://notcve.org/view.php?id=CVE-2017-14800
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users. Un ataque de Cross-Site Scripting (XSS) reflejado en NetIQ Access Manager, en versiones anteriores a la 4.3.3, al emplear el parámetro "typecontainerid" del editor de políticas, podría permitir la inyección de código en páginas de usuarios autenticados. • https://www.novell.com/support/kb/doc.php?id=7022356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •