Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS
Vulnerability Description
Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4 and 6.0.0.6.
The vulnerability was responsibly disclosed to the vendor and has been fixed in the latest version. The CVE request was filed with the vendor's consent.
Vulnerability Type
Cross Site Scripting (XSS)
Affected Vendor
ForgeRock
Affected Product Code Base
ForgeRock Identity Manager - 6.5.0.4, 6.0.0.6. Fixed version - 7.0.0
Affected Component
admin UI - Dashboards, progressiveProfileForms
Attack Type
Remote
Impact
Information Disclosure: true
Attack Vectors
To exploit this vulnerability, a user has to visit the dashboard UI or the progressiveProfileForms UI in ForgeRock Identity Manager, for example:
https://forgerock.com:9443/admin/#managed/
https://forgerock.com:9443/admin/#progressiveProfileForms/edit/
Has vendor confirmed or acknowledged the vulnerability?
true
Discoverer
Gajendra Kumar K M