PT-2013-2871 · Novell · Novell Zenworks Configuration Management+1
Published
2013-06-17
·
Updated
2013-11-07
·
CVE-2013-1095
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Novell ZENworks Configuration Management (ZCM) versions 11.2 through 11.2.3a before Monthly Update 1
Description
A cross-site scripting (XSS) issue exists in a ZCC page in njwc.jar, allowing remote attackers to inject arbitrary web script or HTML via vectors involving an onError event.
Recommendations
For versions 11.2 through 11.2.3a before Monthly Update 1, update to Monthly Update 1 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Novell Zenworks Configuration Management
Zcm