Vulnerabilities > CVE-2004-0672 - Cross-Site Scripting vulnerability in Netegrity IdentityMinder
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description Netegrity IdentityMinder Web Edition 5.6 Null Byte XSS. CVE-2004-0672 . Webapps exploit for cgi platform id EDB-ID:24244 last seen 2016-02-02 modified 2004-07-01 published 2004-07-01 reporter [email protected] source https://www.exploit-db.com/download/24244/ title Netegrity IdentityMinder Web Edition 5.6 Null Byte XSS description Netegrity IdentityMinder Web Edition 5.6 Management Interface XSS. CVE-2004-0672. Webapps exploit for cgi platform id EDB-ID:24245 last seen 2016-02-02 modified 2004-07-01 published 2004-07-01 reporter [email protected] source https://www.exploit-db.com/download/24245/ title Netegrity IdentityMinder Web Edition 5.6 Management Interface XSS