CVE-2007-0110 – Novell Access Manager 3 Identity Server - 'IssueInstant' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0110
Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en nidp/idff/sso en Novell Access Manager Identity Server anterior a 3.0.0-1013 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro IssueInstant, que no se maneja adecuadamente en el mensaje de error resultante. • https://www.exploit-db.com/exploits/29400 http://osvdb.org/31359 http://secunia.com/advisories/23654 http://securitytracker.com/id?1017483 http://www.securityfocus.com/bid/21921 http://www.vupen.com/english/advisories/2007/0073 https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html •