PT-2025-44786 · SailPoint · IdentityIQ
Published: 2025-11-03 · Updated: 2025-11-12
CVE-2025-10280
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IdentityIQ versions 8.5
IdentityIQ versions 8.4 through 8.4p3
IdentityIQ versions 8.3 through 8.3p5
versions prior to 8.3p6
Description
The software allows certain web services providing non-HTML content to be accessed through a URL that incorrectly sets the Content-Type to HTML. This can lead to a requesting browser interpreting content that is not properly escaped, potentially resulting in Cross-Site Scripting (XSS).
Recommendations
Update IdentityIQ to version 8.5p4 or later.
Update IdentityIQ to version 8.4p4 or later.
Update IdentityIQ to version 8.3p6 or later.
Fix
XSS
Affected Products
IdentityIQ