Reflected Cross Site Scripting Vulnerability in NetIQ Access Manager Web Tools

Reflected Cross Site Scripting Vulnerability in NetIQ Access Manager Web Tools

CVE-2016-5756 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp.

Learn more about our Web App Pen Testing.