CVE-2013-1097

Novell ZENworks Configuration Management <11.2.3a - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event.

References (3)

[Vendor Advisory] http://www.novell.com/support/kb/doc.php?id=7012025

[Vendor Advisory] http://www.novell.com/support/kb/doc.php?id=7012027

[Vendor Advisory] http://www.novell.com/support/kb/doc.php?id=7012502

Scores

EPSS 0.0067

EPSS Percentile 71.2%

Details

CWE

CWE-79

Status published

Products (5)

novell/zenworks_configuration_management

n/a/n/a

Published Jun 17, 2013

Tracked Since Feb 18, 2026