CVE-2010-4324

medium

Description

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64501

https://bugzilla.novell.com/show_bug.cgi?id=653516

http://www.vupen.com/english/advisories/2011/0038

http://www.securitytracker.com/id?1024941

http://www.securityfocus.com/bid/45692

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html

http://secunia.com/advisories/42819

http://osvdb.org/70298

Details

Source: Mitre, NVD

Published: 2011-01-07

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01509