Skip to main content

Edirectory CVE-2014-5212

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2014-12-19 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 19, 2014 - 18:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.

AnalysisAI

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.7% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. Affected products include: Novell Edirectory. Version information: before 8.8.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2012-0432 CRITICAL POC
10.0 Dec 25

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote at

CVE-2014-5213 MEDIUM POC
4.0 Dec 19

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allo

CVE-2016-9167 HIGH
7.5 Mar 23

NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, whi

CVE-2017-5186 HIGH
7.5 Apr 27

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch

CVE-2016-5747 HIGH
7.5 Mar 23

A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 a

CVE-2018-17950 HIGH
7.5 Dec 12

Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2. Rated high severity (CVSS 7.5), this vulne

CVE-2018-7686 HIGH
7.5 Aug 09

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. Rated high severity (

CVE-2018-12461 HIGH
7.5 Jul 10

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Rated high severity (CVSS 7.5),

CVE-2018-1346 HIGH
7.5 Mar 21

Addresses denial of service attack to eDirectory versions prior to 9.1. Rated high severity (CVSS 7.5), this vulnerabili

CVE-2016-9168 MEDIUM
6.5 Mar 23

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by r

CVE-2012-0430 MEDIUM
6.4 Dec 25

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote

CVE-2018-17952 MEDIUM
6.1 Dec 12

Cross site scripting vulnerability in eDirectory prior to 9.1 SP2. Rated medium severity (CVSS 6.1), this vulnerability

Share

CVE-2014-5212 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy