CVE-2011-2227

Name of the Vulnerable Software and Affected Versions Novell Identity Manager (aka IDM) User Application versions 3.5.0 through 4.0.0 Novell Identity Manager Roles Based Provisioning Module versions 3.6.0 through 4.0.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (also known as apwaDetailId) parameter. This is a cross-site scripting (XSS) issue, which occurs when an application includes user input in its output without proper validation or encoding, allowing an attacker to inject malicious scripts.

Recommendations For Novell Identity Manager (aka IDM) User Application versions 3.5.0 through 4.0.0, avoid using the apwaDetail parameter in affected API endpoints until the issue is resolved. For Novell Identity Manager Roles Based Provisioning Module versions 3.6.0 through 4.0.0, restrict access to the module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.