The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Quest Software ActiveRoles Direct

computer vulnerability 11535

Quest ActiveRoles Server: six vulnerabilities

Synthesis of the vulnerability

Six vulnerabilities of Quest ActiveRoles Server can be used by an attacker to obtain information or to create a Cross Site Scripting.
Impacted products: ActiveRoles Server.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 11/04/2012.
Identifiers: BID-52965, SOL87841, TF00174663, TF00188526, TF00188528, TF00188529, TF00188533, TF00188534, VIGILANCE-VUL-11535.

Description of the vulnerability

Six vulnerabilities were announced in Quest ActiveRoles Server.

An attacker can use "Select Groups", in order to obtain information on group properties. [severity:2/4; TF00174663]

An attacker can generate a Cross Site Scripting in the Active Directory interface. [severity:2/4; BID-52965, TF00188526]

An attacker can generate a Cross Site Scripting in GenerateForm.aspx. [severity:2/4; BID-52965, TF00188528]

An attacker can generate a Cross Site Scripting in SelectGroup.aspx. [severity:2/4; BID-52965, TF00188529]

An attacker can generate a Cross Site Scripting in d-LogonHours.aspx. [severity:2/4; BID-52965, TF00188533]

An attacker can generate an error in the ADObjectPickerTreeLoader.aspx page, in order to obtain information. [severity:2/4; TF00188534]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.