Cross Site Scripting vulnerability (CVE-2015-5968)

  • Document ID:7017078
  • Creation Date:11-Dec-2015
  • Modified Date:16-Dec-2015
    • Micro Focus Products:
      Filr

Environment

Novell Filr 1.2

Situation

A cross site scripting (XSS) vulnerability was found in Filr 1.2 that may allow arbitrary javascript to execute in the context of a user's session if a logged-in user clicks on a specially crafted link from an attacker.

Resolution

A fix for this issue is available in the Filr 1.2 Hot Patch 4, available via the Novell Patch Finder.

Additional Information

CVE Number:
CVE-2015-5968

Reporter Credits:
This security vulnerability was found by Dr. Erlijn van Genuchten (erlijn.vangenuchten@syss.de) of the SySS GmbH.