Vulnerability Details CVE-2017-7591
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/
- https://backstage.forgerock.com/knowledge/kb/article/a92936505
- http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/
- https://backstage.forgerock.com/knowledge/kb/article/a92936505
Products affected by CVE-2017-7591
-
cpe:2.3:a:openidm_project:openidm:4.0.0
-
cpe:2.3:a:openidm_project:openidm:4.5.0