{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-10-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=692972"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html"}, {"name": "1026138", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1026138"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html"}, {"name": "49935", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49935"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1696", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=692972", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=692972"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html"}, {"name": "1026138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026138"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html"}, {"name": "49935", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49935"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1696", "datePublished": "2011-10-08T01:00:00", "dateReserved": "2011-04-15T00:00:00", "dateUpdated": "2011-10-19T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D958125-0657-4CEF-A9DF-2F8FFCC1DFD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EBB3E8A-FA93-4D23-94F4-DBDDDBD3F861", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEABF136-E21F-4C79-B38B-A1F3464A4543", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "16C2B282-48E2-4358-8CBA-1291045EBD7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "41A55426-2224-47C9-B218-18B2CA3EE410", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3877FBC-1D03-43D0-8C20-2E28B56C8246", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "889F7CF3-D952-429E-AE5C-ACA9FDBFA5B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3A36FF9-5740-4180-8427-772942636826", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "91714BEF-75CE-456E-AB62-B5AAC29FFE39", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "26DF6A06-1EE3-4219-8EC6-11D84E0C9DC1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Novell Identity Manager (tambi\u00e9n conocido como IDM) User Application v3.5.0, v3.5.1, v3.6.0, v3.6.1, v3.7.0, y v4.0.0, y Identity Manager Roles Based Provisioning Module v3.6.0, v3.6.1, v3.7.0, y v4.0.0, permite a atacantes remotos inyectar c\u00f3digo web script o HTML a trav\u00e9s del par\u00e1metro apwaDetail (tambi\u00e9n conocido como apwaDetailId), tambi\u00e9n conocido como Bug 692972."}], "id": "CVE-2011-1696", "lastModified": "2011-11-22T03:56:07.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-10-08T02:52:52.190", "references": [{"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49935"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1026138"}, {"source": "cve@mitre.org", "url": "https://bugzilla.novell.com/show_bug.cgi?id=692972"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}