PT-2004-3646 · Novell · Novell Ichain

Published: 2004-12-31 · Updated: 2017-07-29 · CVE-2004-2757

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Novell iChain versions prior to 2.2 build 2.2.113
Novell iChain version 2.3 First Customer Ship (FCS)

Description

A cross-site scripting (XSS) issue exists in the failed login page, allowing remote attackers to inject arbitrary web script or HTML via a url parameter. This could potentially lead to unauthorized actions on the affected system.

Recommendations

For Novell iChain versions prior to 2.2 build 2.2.113, update to a version after 2.2 build 2.2.113 to resolve the issue.

For Novell iChain version 2.3 First Customer Ship (FCS), consider disabling access to the failed login page until a patch is available.

As a temporary workaround, restrict access to the vulnerable url parameter in the failed login page to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2004-2757

Affected Products

Novell Ichain