Persistent XSS in Filr User Profile (CVE-2016-1609)

  • 7017787
  • 29-Jun-2016
  • 22-Jul-2016

Environment

Novell Filr 2.0
Novell Filr 1.2

Situation

A vulnerability in the user profile handling of Novell Filr may allow a remote authenticated attacker to store XSS in their profile details. The stored script executes when the profile is viewed by other users on the Filr system, potentially leading to session compromise or other attacks on the targeted user's browser.

Resolution

A fix for this issue is included in Filr 2.0 Security Update 2 and Filr 1.2 Security Update 3, both available via the Novell Patch Finder.

CVE-2016-1609.
Special thanks to Wolfgang Ettlinger working with SEC Consult Vulnerability Lab for reporting this vulnerability to Micro Focus.