Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/64501
https://bugzilla.novell.com/show_bug.cgi?id=653516
http://www.vupen.com/english/advisories/2011/0038
http://www.securitytracker.com/id?1024941
http://www.securityfocus.com/bid/45692
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html