{"api_version":"1","generated_at":"2026-07-09T07:26:26+00:00","cve":"CVE-2010-4324","urls":{"html":"https://cve.report/CVE-2010-4324","api":"https://cve.report/api/cve/CVE-2010-4324.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-4324","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-4324"},"summary":{"title":"CVE-2010-4324","description":"Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2011-01-07 19:00:17","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://bugzilla.novell.com/show_bug.cgi?id=653516","name":"https://bugzilla.novell.com/show_bug.cgi?id=653516","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64501","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64501","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2011/0038","name":"http://www.vupen.com/english/advisories/2011/0038","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/42819","name":"http://secunia.com/advisories/42819","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Novell Identity Manager Cross-Site Scripting Vulnerability - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/70298","name":"http://osvdb.org/70298","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/45692","name":"http://www.securityfocus.com/bid/45692","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Novell Identity Manager Unspecified Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1024941","name":"http://www.securitytracker.com/id?1024941","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Novell Identity Manager Input Validation Flaw in Approval Form Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html","name":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IDM Roles Based Provisioning Module 370 Field Patch D","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-4324","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4324","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"4324","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"novell","cpe5":"identity_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4324","vulnerable":"1","versionEndIncluding":"3.7.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"novell","cpe5":"identity_manager_roles_based_provisioning_module","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T03:43:13.758Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"70298","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/70298"},{"name":"ADV-2011-0038","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2011/0038"},{"name":"45692","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/45692"},{"name":"42819","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/42819"},{"name":"1024941","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1024941"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.novell.com/show_bug.cgi?id=653516"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html"},{"name":"novell-approval-form-xss(64501)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64501"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-01-04T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"70298","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/70298"},{"name":"ADV-2011-0038","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2011/0038"},{"name":"45692","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/45692"},{"name":"42819","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/42819"},{"name":"1024941","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1024941"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.novell.com/show_bug.cgi?id=653516"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html"},{"name":"novell-approval-form-xss(64501)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64501"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2010-4324","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"70298","refsource":"OSVDB","url":"http://osvdb.org/70298"},{"name":"ADV-2011-0038","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2011/0038"},{"name":"45692","refsource":"BID","url":"http://www.securityfocus.com/bid/45692"},{"name":"42819","refsource":"SECUNIA","url":"http://secunia.com/advisories/42819"},{"name":"1024941","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1024941"},{"name":"https://bugzilla.novell.com/show_bug.cgi?id=653516","refsource":"CONFIRM","url":"https://bugzilla.novell.com/show_bug.cgi?id=653516"},{"name":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html","refsource":"CONFIRM","url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html"},{"name":"novell-approval-form-xss(64501)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64501"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2010-4324","datePublished":"2011-01-07T18:00:00.000Z","dateReserved":"2010-11-29T00:00:00.000Z","dateUpdated":"2024-08-07T03:43:13.758Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-01-07 19:00:17","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:novell:identity_manager:*:*:*:*:*:*:*:*","matchCriteriaId":"2B15CB5E-A7FD-4917-9A7D-99598BEE202A"},{"vulnerable":true,"criteria":"cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:*:*:*:*:*:*:*:*","versionEndIncluding":"3.7.0","matchCriteriaId":"3609B364-9152-4448-A156-041BF5D289ED"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"4324","Ordinal":"1","Title":"CVE-2010-4324","CVE":"CVE-2010-4324","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"4324","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Type":"Description","Title":"CVE-2010-4324"},{"CveYear":"2010","CveId":"4324","Ordinal":"2","NoteData":"2011-01-07","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"4324","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}