CVE-2016-9168

MEDIUM

Novell eDirectory <9.0.2 - XSS

Title source: llm

Description

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.

References (2)

[Vendor Advisory] https://www.novell.com/support/kb/doc.php?id=7016794

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97320

Scores

CVSS v3 6.5

EPSS 0.0056

EPSS Percentile 68.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-20

Status published

Affected Products (2)

novell/edirectory < 9.0.1

n/a/Novell eDirectory < Novell eDirectory

Timeline

Published Mar 23, 2017

Tracked Since Feb 18, 2026