CVE-2017-7437 MEDIUM

CVE-2017-7437: Cross site scripting attacks against NetIQ Privileged Account Manager

Vendor Netiq

Product Privileged Account Manager

Weakness CWE-79 · XSS

Published March 5, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests.

Key dates

02Disclosure timeline

March 5, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-7437

Related vulnerabilities

04Related CVE

CVE-2025-23619 WordPress Catch Duplicate Switcher plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-32109 WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS) CVE-2025-15659 WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-5347 Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget CVE-2023-26211

Identifiers

CVE CVE-2017-7437

CWE CWE-79

CVSS 4.6 / MEDIUM

Affected versions

Vendor Netiq

Product Privileged Account Manager

Affected ≥ unspecified and < 3.1 Patch Update 3