CVE-2016-1598

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 49.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Identity Manager Identity Applications Novell Identity Manager

Timeline

PublishedOct 27

Latest updateMay 17

Description

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5netiq_idm_4.5_identity_applications_before_4.5.4NetIQ IDM 4.5 Identity Applications before 4.5.4

▶NVDnovell/identity_manager_identity_applications4.5.3

▶NVDnovell/identity_manager4.5

🔴Vulnerability Details

GHSA

GHSA-2qg9-936j-cmh6: XSS in NetIQ IDM 4↗2022-05-17

▶

CVEList

CVE-2016-1598: XSS in NetIQ IDM 4↗2016-10-27

▶