This script is Copyright (C) 2008-2012 Tenable Network Security, Inc.

The remote web server contains an application that is affected by
multiple cross-site scripting vulnerabilities.

The remote host is running Sun Java System Identity Manager, a Java
application for user provisioning and identity auditing in enterprise

The version of Identity Manager installed on the remote host fails to
sanitize user-supplied input to various JSP scripts before using it to
generate dynamic content. An unauthenticated, remote attacker may be
able to leverage these issues to inject arbitrary HTML or script code
into a user's browser to be executed within the security context of
the affected site.

Known to be affected are the 'cntry' and 'lang' parameters of the
'login.jsp' script, the 'resultsForm' parameter of the
'account/findForSelect.jsp' script, the 'activeControl' parameter of
the 'user/main.jsp' script, the 'helpUrl' parameter of the
'help/index.jsp' script, and the 'nextPage' parameter of the

Upgrade to one of the versions of Sun Java System Identity Manager
listed in the vendor's advisory.

Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
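
A log check for the script and parameter pairs listed above, as an added example that is not part of the Tenable plugin or the vendor's advisory: it flags requests in which one of those parameters carries markup characters after URL decoding. The `/idm` path prefix and the log lines are constructed, and because the script for 'nextPage' is cut off in the text above, that parameter is matched on any path.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameters named in the description above.
WATCHED = {
    "login.jsp": {"cntry", "lang"},
    "account/findForSelect.jsp": {"resultsForm"},
    "user/main.jsp": {"activeControl"},
    "help/index.jsp": {"helpUrl"},
}
# The script for 'nextPage' is cut off in the description: match it on any path.
ANY_PATH = {"nextPage"}

# Characters that change HTML/JS context when a value is echoed unencoded.
MARKUP = re.compile(r"[<>\"'`]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return the watched parameters in this request that contain markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    watched = set(ANY_PATH)
    for script, params in WATCHED.items():
        if url.path.endswith("/" + script):
            watched |= params
    hits = []
    # parse_qs percent-decodes values, so encoded markup is seen as markup.
    # POST bodies are not in access logs and are out of scope here.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name in watched and any(MARKUP.search(v) for v in values):
            hits.append(name)
    return sorted(hits)

# Constructed sample lines (not real traffic); '/idm' is an assumed prefix.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /idm/login.jsp?lang=en&cntry=US HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2009:10:00:05 +0000] "GET /idm/login.jsp?lang=%22%3E%3Cb%3Ex&cntry=US HTTP/1.1" 200 5188',
    '192.0.2.11 - - [01/Jan/2009:10:00:09 +0000] "GET /idm/user/main.jsp?activeControl=%3Ci%3E HTTP/1.1" 200 901',
    '192.0.2.12 - - [01/Jan/2009:10:01:00 +0000] "GET /idm/account/list.jsp?lang=%3Cb%3E HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = suspicious_params(line)
        if hits:
            print(hits, line)
```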