CVE-2010-4324

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: Jan 7, 2011
Updated: Apr 13, 2023
CVE: CVE-2010-4324
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
novell / identity_manager_roles_based_provisioning_module	-	3.7.0.x
novell / identity_manager	-	-

http://osvdb.org/70298
http://secunia.com/advisories/42819
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html
http://www.securityfocus.com/bid/45692
http://www.securitytracker.com/id?1024941
http://www.vupen.com/english/advisories/2011/0038
https://bugzilla.novell.com/show_bug.cgi?id=653516
https://exchange.xforce.ibmcloud.com/vulnerabilities/64501

Vulnerability Database

289,599

CVE-2010-4324