CVE-2017-7419

Summary

A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.

Affected Software

VendorProductVersion RangeStatus
NetIQAccess Manager4.3 < 4.3.2affected
NetIQAccess Manager4.2 < 4.2.4affected

Weaknesses

  • cross site scripting attack
  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References