CVE-2007-0110

Name of the Vulnerable Software and Affected Versions Novell Access Manager Identity Server versions prior to 3.0.0-1013

Description A cross-site scripting (XSS) issue exists due to improper handling of the IssueInstant parameter in the nidp/idff/sso component, allowing remote attackers to inject arbitrary web script or HTML via this parameter. This can occur when the parameter is not properly handled in the resulting error message.

Recommendations For versions prior to 3.0.0-1013, update to version 3.0.0-1013 or later to resolve the issue. As a temporary workaround, consider restricting access to the nidp/idff/sso component to minimize the risk of exploitation. Avoid using the IssueInstant parameter in the affected component until the issue is resolved.