DOM cross site scripting attack against NetIQ Privileged Account Manager
Description
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via JavaScript DOM modification using the supplied cookie parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NetIQ Privileged Account Manager before 3.1 Patch Update 3 is vulnerable to DOM-based XSS via a crafted cookie parameter.
Vulnerability
NetIQ Privileged Account Manager (NPAM) versions prior to 3.1 Patch Update 3 (3.1.0.3) are vulnerable to a cross-site scripting (XSS) attack. The vulnerability allows JavaScript DOM modification through a supplied cookie parameter, meaning the application does not properly sanitize or validate cookie values before using them in the DOM. [1]
Exploitation
An attacker can craft a malicious cookie value containing JavaScript code. When a victim's browser loads a page in NPAM that reads and uses this cookie parameter without sanitization, the injected script executes in the context of the victim's session. The attacker may deliver the cookie via a link, a cross-site request, or by exploiting another mechanism to set the cookie in the victim's browser. No authentication is required for the XSS to trigger once the cookie is present. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the NPAM application's security context. This can lead to session hijacking, theft of sensitive data, or unauthorized actions on behalf of the victim user. [1]
Mitigation
The vulnerability is fixed in NetIQ Privileged Account Manager 3.1 Patch Update 3 (version 3.1.0.3). Users should upgrade to this version or later. No workarounds are documented in the available references. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <3.1 Patch Update 3
- Range: unspecified
Patches
No patches discovered yet.
References
- bugzilla.suse.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- www.netiq.com/documentation/privileged-account-manager-3/npam3103-release-notes/data/npam3103-release-notes.html (mitre, x_refsource_CONFIRM)