It has been reported that Novell iChain Server may be prone to a cross-site scripting vulnerability that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist because user-supplied data in the 'url=' parameter passed to the failed login page is not properly sanitized. Successful exploitation may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
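The flaw class described above, shown beside a hardened form, as an added example that is not Novell's code and not part of the original advisory. `PAGE`, `render_unsafe`, `safe_target` and `render_safe` are hypothetical names, and the example assumes the 'url' value is a return destination echoed into the failed-login page, which the advisory does not state.

```python
import html
from urllib.parse import urlsplit

# Hypothetical stand-in for a failed-login page template (not iChain's markup).
PAGE = '<p>Login failed.</p><a href="{target}">Return to {target}</a>'


def render_unsafe(url_param: str) -> str:
    """Echo the 'url' parameter verbatim: the reflection the advisory describes."""
    return PAGE.format(target=url_param)


def safe_target(url_param: str, default: str = "/") -> str:
    """Accept only a same-site absolute path; anything else becomes `default`."""
    # Control characters and backslashes are normalised inconsistently by
    # browsers and URL parsers, so reject them outright.
    if any(ord(c) < 0x20 or c == "\\" for c in url_param):
        return default
    # Must be a single-slash absolute path ("//host" is scheme-relative).
    if not url_param.startswith("/") or url_param.startswith("//"):
        return default
    # Defence in depth: the parsed form must carry no scheme or host.
    parts = urlsplit(url_param)
    if parts.scheme or parts.netloc:
        return default
    return url_param


def render_safe(url_param: str) -> str:
    """Validate the destination, then HTML-encode it for the output context."""
    target = html.escape(safe_target(url_param), quote=True)
    return PAGE.format(target=target)


if __name__ == "__main__":
    # Constructed sample input: a valid-looking path carrying markup characters.
    sample = '/app/home?x="><b>x</b>'
    print(render_unsafe(sample))  # markup reaches the page unencoded
    print(render_safe(sample))    # same input, encoded as inert text
```

Validation and output encoding address different things here: the allow-list keeps the link on the same site, while `html.escape` is what stops the reflected value from being parsed as markup.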