CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-0672

Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.0%

CVSS Severity

CVSS v2 Score 6.8

References

http://marc.info/?l=bugtraq&m=108881203114336&w=2
http://www.securityfocus.com/bid/10645
https://exchange.xforce.ibmcloud.com/vulnerabilities/16618
http://marc.info/?l=bugtraq&m=108881203114336&w=2
http://www.securityfocus.com/bid/10645
https://exchange.xforce.ibmcloud.com/vulnerabilities/16618

Products affected by CVE-2004-0672

Netegrity » Identityminder » Version: web_5.6

cpe:2.3:a:netegrity:identityminder:web_5.6
Netegrity » Identityminder » Version: web_5.6_sp1

cpe:2.3:a:netegrity:identityminder:web_5.6_sp1
Netegrity » Identityminder » Version: web_5.6_sp2

cpe:2.3:a:netegrity:identityminder:web_5.6_sp2
Netegrity » Policy Server » Version: 5.5

cpe:2.3:a:netegrity:policy_server:5.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-0672

Products

Pricing

Contact Us