Novell Open Enterprise Server Cross-Site Scripting (CVE-2014-0598)
Release date:
Updated on:
Affected Systems:
Novell Open Enterprise Server 2 Linux Support Pack
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-0598
Novell Open Enterprise Server is a new generation of Enterprise-level Server operating system.
A cross-site scripting vulnerability exists in versions earlier than Novell Open Enterprise Server Update 9151. Remote attackers can exploit this vulnerability to execute arbitrary HTML and script code in user browser sessions of affected sites.
<* Source: vendor
Link: http://secunia.com/advisories/59113/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Novell
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.novell.com/support/kb/doc.php? Id = 7010867
This article permanently updates the link address: