CVE-2004-2757

Novell Ichain < 2.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter.

References (4)

[Vendor Advisory] http://secunia.com/advisories/10653

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/14873

[Vendor Advisory] http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/9412

Scores

EPSS 0.0027

EPSS Percentile 50.3%

Classification

CWE

CWE-79

Status draft

Affected Products (5)

novell/ichain < 2.2

Timeline

Published Dec 31, 2004

Tracked Since Feb 18, 2026