CVE-2004-0672
published 2004-08-06CVE-2004-0672: Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote…
PriorityP422medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.01%
78.5th percentile
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netegrity | identityminder | — | — |
| netegrity | identityminder | — | — |
| netegrity | identityminder | — | — |
| netegrity | policy_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Netegrity IdentityMinder Web Edition 5.6 - Management Interface Cross-Site Scripting
exploitdb·2004-07-01
CVE-2004-0672 Netegrity IdentityMinder Web Edition 5.6 - Management Interface Cross-Site Scripting
Netegrity IdentityMinder Web Edition 5.6 - Management Interface Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/10645/info
Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments.
It has been reported that Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed by an unsuspecting user, the hostile code ma
Exploit-DB
Netegrity IdentityMinder Web Edition 5.6 - Null Byte Cross-Site Scripting
exploitdb·2004-07-01
CVE-2004-0672 Netegrity IdentityMinder Web Edition 5.6 - Null Byte Cross-Site Scripting
Netegrity IdentityMinder Web Edition 5.6 - Null Byte Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/10645/info
Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments.
It has been reported that Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed by an unsuspecting user, the hostile code may be render
No writeups or analysis indexed.
2004-08-06
Published