NetIQ Access Manager 4.2.2 and 4.3.x prior to 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netiq access manager 4.3 |
||
netiq access manager 4.3.1 |
||
netiq access manager 4.2.2 |