Unrated severityNVD Advisory· Published Aug 6, 2004· Updated Apr 16, 2026

CVE-2004-0672

Description

Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.

Affected products

Netegrity/Identityminder3 versions
cpe:2.3:a:netegrity:identityminder:web_5.6:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:netegrity:identityminder:web_5.6:*:*:*:*:*:*:*
- cpe:2.3:a:netegrity:identityminder:web_5.6_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:netegrity:identityminder:web_5.6_sp2:*:*:*:*:*:*:*
Netegrity/Policy Server
cpe:2.3:a:netegrity:policy_server:5.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/10645nvdExploit
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/16618nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000