CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities Published In 2011 (Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-2661 79 XSS 2011-10-07 2012-05-14
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
2 CVE-2011-2652 79 XSS 2011-08-23 2011-08-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file.
3 CVE-2011-2650 79 XSS 2011-08-23 2011-08-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display.
4 CVE-2011-2644 79 XSS 2011-08-23 2011-08-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
5 CVE-2011-2227 79 XSS 2011-10-07 2011-11-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603.
6 CVE-2011-2226 79 XSS 2011-08-23 2011-08-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.
7 CVE-2011-2224 79 XSS 2011-08-09 2012-08-02
4.3
None Remote Medium Not required None Partial None
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
8 CVE-2011-1696 79 XSS 2011-10-07 2011-11-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
9 CVE-2011-0462 79 XSS 2011-04-09 2011-04-22
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10 CVE-2010-4716 79 XSS 2011-01-31 2011-02-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11 CVE-2010-4324 79 XSS 2011-01-07 2011-07-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12 CVE-2010-4322 79 XSS 2011-01-07 2011-01-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
13 CVE-2010-2779 79 XSS 2011-01-28 2011-01-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."
14 CVE-2010-2778 79 XSS 2011-01-28 2011-01-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."
Total number of vulnerabilities : 14   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.