CVE-2016-1592

MEDIUM

NetIQ Designer <4.5.3 - XSS

Title source: llm

Description

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.

References (2)

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 45.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (2)

netiq/identity_manager < 4.5.2
n/a/NetIQ Designer for Identity Manager before 4.5.3 < NetIQ Designer for Identity Manager before 4.5.3

Timeline

Published Oct 27, 2016
Tracked Since Feb 18, 2026