header-logo
Suggest Exploit
vendor:
IdentityMinder
by:
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: IdentityMinder
Affected Version From:
Affected Version To:
Patch Exists:
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Microsoft Windows

Cross-Site Scripting Vulnerabilities in Netegrity IdentityMinder

Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by creating a malicious link that includes hostile HTML and script code. If an unsuspecting user follows the link, the hostile code may be rendered in their web browser, allowing for theft of cookie-based authentication credentials and arbitrary application command execution.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize and validate user-supplied input before using it in the application. Implementing proper input validation and output encoding can help prevent cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10645/info

Netegrity IdentityMinder is a tool designed for the Microsoft Windows platform to manage and maintain users and user accounts. The tool supports a web based interface for creating and removing users in multi-user environments.

It has been reported that Netegrity IdentityMinder is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed by an unsuspecting user, the hostile code may be rendered in the their web browser. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials as well as arbitrary application command execution.

http://www.example.com/idm/siteName/ims_mainconsole_principalpopuphandler.do?searchAttrs0=%25GROUP_NAME%25&searchOperators0=EQUALS&searchFilter0=&searchOrgDN=specifiedDNValue&incChildrenOrgFlag=NO&resultsPerPage=10&oid=&imsui_taskstate=RESOLVE_SCOPE&imsui_tpnametosearch=group&numOfExpressions=1%00<script>alert(document.cookie)</script>

Navigation

Suggest Exploit

Services By CQR