CVE-2017-9276

Name of the Vulnerable Software and Affected Versions Novell Access Manager iManager versions prior to 4.3.3

Description The issue allows for cross-site scripting content to be reflected back into the result page. This is possible due to the lack of validation of parameters, specifically using the a parameter.

Recommendations For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter a to minimize the risk of exploitation.