Novell iChain Web Server Failed Login Page Cross-Site Scripting Vulnerability

It has been reported that Novell iChain Server may be prone to a cross-site scripting vulnerability that a remote user could exploit. The problem is reported to stem from improper sanitization of user-supplied data in the 'url=' parameter passed to the failed login page.

Successful exploitation of this issue may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
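
The following is an added example, not code from Novell or from the original advisory. It sketches how a failed login page can handle a 'url' return parameter safely, on the assumption that the value is echoed back into the page's HTML. The allow-listed host, the default return path and the /login form action are hypothetical.

```python
import html
from urllib.parse import urlsplit

# Hypothetical values for illustration; not taken from iChain.
ALLOWED_HOSTS = {"portal.example.com"}
DEFAULT_RETURN = "/"


def safe_return_url(raw):
    """Return raw only if it is a same-site path or an allow-listed http(s) URL."""
    # Control characters and backslashes are parsed inconsistently by browsers.
    if not raw or any(ord(c) < 0x20 or c == "\\" for c in raw):
        return DEFAULT_RETURN
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:
        return DEFAULT_RETURN
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept absolute paths, reject "//host" forms.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return DEFAULT_RETURN
    if parts.scheme in ("http", "https") and host in ALLOWED_HOSTS:
        return raw
    return DEFAULT_RETURN


def render_failed_login(query_url):
    """Build the failed-login HTML with the url value encoded for attributes."""
    # Validation limits where the link can point; escaping is what stops
    # markup in an otherwise acceptable value from reaching the page.
    target = html.escape(safe_return_url(query_url), quote=True)
    return (
        "<p>Login failed. Please try again.</p>\n"
        '<form method="post" action="/login">\n'
        f'  <input type="hidden" name="url" value="{target}">\n'
        "</form>\n"
    )


if __name__ == "__main__":
    # Constructed sample input: a same-site path carrying HTML metacharacters.
    print(render_failed_login('/app"><script>x</script>'))
```

A same-site path passes validation even when it contains quotes and angle brackets, so the output encoding step is required in addition to the allow-list check.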


 

Copyright 2010, SecurityFocus