Vulnerability Details CVE-2017-7590
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/
- http://www.securityfocus.com/bid/98044
- https://backstage.forgerock.com/knowledge/kb/article/a92936505
- http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/
- http://www.securityfocus.com/bid/98044
- https://backstage.forgerock.com/knowledge/kb/article/a92936505
Products affected by CVE-2017-7590
-
cpe:2.3:a:openidm_project:openidm:4.0.0
-
cpe:2.3:a:openidm_project:openidm:4.5.0