CVE-2011-2227

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.7%

top 28.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Identity Manager Roles Based Provisioning Module Novell Identity Manager User Application

Timeline

PublishedOct 8

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDnovell/identity_manager_roles_based_provisioning_module4 versions+3

▶NVDnovell/identity_manager_user_application6 versions+5

🔴Vulnerability Details

GHSA

GHSA-6vwf-gj43-wr9h: Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3↗2022-05-17

▶

CVEList

CVE-2011-2227: Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3↗2011-10-08

▶