CVE-2017-7419

A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-02 20:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-7419

Mitre link : CVE-2017-7419

CVE.ORG link : CVE-2017-7419


JSON object : View

Products Affected

netiq

  • access_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')