Lucene search

[email protected]CVE-2013-1096

HistoryDec 28, 2013 - 4:53 a.m.

CVE-2013-1096

2013-12-2804:53:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-1096

cross-site scripting

xss

novell identity manager

idm

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId.

Affected configurations

NVD

Node

novellidentity_manager_roles_based_provisioning_moduleMatch4.0.2

CPENameOperatorVersion
novell:identity_manager_roles_based_provisioning_modulenovell identity manager roles based provisioning moduleeq4.0.2

CPE	Name	Operator	Version
novell:identity_manager_roles_based_provisioning_module	novell identity manager roles based provisioning module	eq	4.0.2

References

download.novell.com/Download?buildid=dnDbmYe8PZc~

www.securitytracker.com/id/1029532

bugzilla.novell.com/show_bug.cgi?id=819115

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2013-1096

nvd1 nessus1 prion1 cvelist1