CVE-2011-2227

Novell IDM <4.0.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603.

References (9)

[Vendor Advisory] http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html

[Vendor Advisory] http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html

[Vendor Advisory] http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html

[Vendor Advisory] http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html

[Vendor Advisory] http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html

[Vendor Advisory] http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html

[Issue Tracking] https://bugzilla.novell.com/show_bug.cgi?id=709603

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/49935

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026138

Scores

EPSS 0.0057

EPSS Percentile 68.2%

Classification

CWE

CWE-79

Status published

Affected Products (11)

novell/identity_manager_roles_based_provisioning_module

novell/identity_manager_roles_based_provisioning_module

novell/identity_manager_roles_based_provisioning_module

novell/identity_manager_roles_based_provisioning_module

novell/identity_manager_user_application

novell/identity_manager_user_application

novell/identity_manager_user_application

novell/identity_manager_user_application

novell/identity_manager_user_application

novell/identity_manager_user_application

n/a/n/a

Timeline

Published Oct 08, 2011

Tracked Since Feb 18, 2026