CVE-2004-0672

Name of the Vulnerable Software and Affected Versions Netegrity IdentityMinder Web Edition version 5.6

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces. These vulnerabilities allow remote attackers to execute scripts as other users. The exploitation can occur via two parameters: numOfExpressions when the script starts with %00, and mobjtype.

Recommendations For Netegrity IdentityMinder Web Edition version 5.6, consider restricting access to the numOfExpressions and mobjtype parameters in the web interfaces until a fix is available. Avoid using scripts that start with %00 in the numOfExpressions parameter to minimize the risk of exploitation.