Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netegrity | Identityminder | web_5.6 |
| Netegrity | Policy Server | 5.5 |
References
- http://marc.info/?l=bugtraq&m=108881203114336&w=2
- http://www.securityfocus.com/bid/10645Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16618
- http://marc.info/?l=bugtraq&m=108881203114336&w=2
- http://www.securityfocus.com/bid/10645Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16618
FAQ
What is CVE-2004-0672?
CVE-2004-0672 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users vi...
How severe is CVE-2004-0672?
CVE-2004-0672 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0672?
Check the references section above for vendor advisories and patch information. Affected products include: Netegrity Identityminder, Netegrity Policy Server.