6.1

CVE-2017-7430

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.

Data is provided by the National Vulnerability Database (NVD)
NovellImanager Version2.7
NovellImanager Version2.7 Updatesp1
NovellImanager Version2.7 Updatesp2
NovellImanager Version2.7 Updatesp3
NovellImanager Version2.7 Updatesp4
NovellImanager Version2.7 Updatesp4_patch1
NovellImanager Version2.7 Updatesp4_patch2
NovellImanager Version2.7 Updatesp4_patch3
NovellImanager Version2.7 Updatesp4_patch4
NovellImanager Version2.7 Updatesp5
NovellImanager Version2.7 Updatesp6
NovellImanager Version2.7 Updatesp7
NovellImanager Version2.7 Updatesp7_patch_1
NovellImanager Version2.7 Updatesp7_patch_10
NovellImanager Version2.7 Updatesp7_patch_2
NovellImanager Version2.7 Updatesp7_patch_3
NovellImanager Version2.7 Updatesp7_patch_4
NovellImanager Version2.7 Updatesp7_patch_5
NovellImanager Version2.7 Updatesp7_patch_6
NovellImanager Version2.7 Updatesp7_patch_7
NovellImanager Version2.7 Updatesp7_patch_8
NovellImanager Version2.7 Updatesp7_patch_9
NetiqImanager Version3.0
NetiqImanager Version3.0.1
NetiqImanager Version3.0.2
NetiqImanager Version3.0.2.1
NetiqImanager Version3.0.3
NetiqImanager Version3.0.3.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.66% 0.687
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.