CVE-2016-1609

Name of the Vulnerable Software and Affected Versions Novell Filr versions prior to 1.2 Security Update 3 Novell Filr versions prior to 2.0 Security Update 2

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via crafted input. This can be demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.

Recommendations For Novell Filr versions prior to 1.2 Security Update 3, apply Security Update 3 to resolve the issue. For Novell Filr versions prior to 2.0 Security Update 2, apply Security Update 2 to resolve the issue. As a temporary workaround, consider restricting user input in the phone field of user profiles to minimize the risk of exploitation.