CVE-2008-5095

EUVD-2008-5074
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
novellidentity_manager_roles_based_provisioning_module
3.6.0
novellidentity_manager_roles_based_provisioning_module
3.6.1
novelluser_application
3.0.1
novelluser_application
3.5.0
novelluser_application
3.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.novell.com/support/viewContent.do?externalId=7001157&sliceId=1
http://www.securityfocus.com/bid/30947
http://www.securitytracker.com/id?1020792
http://www.securitytracker.com/id?1020793
http://www.novell.com/support/viewContent.do?externalId=7001157&sliceId=1
http://www.securityfocus.com/bid/30947
http://www.securitytracker.com/id?1020792
http://www.securitytracker.com/id?1020793