Unvalidated HTTP Referer Header XSS Vulnerability in NetIQ Access Manager

Unvalidated HTTP Referer Header XSS Vulnerability in NetIQ Access Manager

CVE-2017-5191 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.

Learn more about our Web Application Penetration Testing UK.