What is CVE-2017-9276?

CVE-2017-9276 is a medium-severity vulnerability in Netiq Access Manager, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2018-03-02.

How severe is CVE-2017-9276?

Medium severity. CVSS v3 base score is 5.4 out of 10.

XSS in Netiq Access Manager

CVE-2017-9276

Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (51.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.

Affected products

Netiq Access Manager — versions unspecified
Netiq Access_manager

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security@opentext.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-9276?: CVE-2017-9276 is a medium-severity vulnerability in Netiq Access Manager, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2018-03-02.
How severe is CVE-2017-9276?: Medium severity. CVSS v3 base score is 5.4 out of 10.