CyberSec.Space Logo
Back to CVE Browser

CVE-2010-4324

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile42.55th
PublishedJan 7, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Novell

Identity Manager

All versions
πŸ“¦
Novell

Identity Manager Roles Based Provisioning Module

<= 3.7.0

References & Advisories

πŸ”— http://osvdb.org/70298
πŸ”— http://secunia.com/advisories/42819
πŸ”— http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html
πŸ”— http://www.securityfocus.com/bid/45692
πŸ”— http://www.securitytracker.com/id?1024941
πŸ”— http://www.vupen.com/english/advisories/2011/0038
πŸ”— https://bugzilla.novell.com/show_bug.cgi?id=653516
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/64501

Related Vulnerabilities

CVE-2020-202110.0

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option i...

CVE-2017-1015110.0

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported vers...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2011-313510.0

Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated...