Potential XSS vulnerability with Return to Calling Page URL in ForgotPassword.jsp

  • 7005864
  • 29-Apr-2010
  • 13-Jan-2014

Environment

Novell Identity Manager Roles Based Provisioning Module 3.7.0

Situation

Running a security scan report against the IDM User Application (RBPM 3.7 Patch B) showed XSS on multiple pages of the IDM UA password management functions.
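The title names the "Return to Calling Page URL" parameter as the XSS vector. As an added illustration, not Novell's code and not the actual ForgotPassword.jsp fix, the following Java helper shows the defect class beside a hardened form: an untrusted return URL echoed into an href attribute unchanged, versus the same value restricted to a relative same-application path and then encoded for the HTML attribute context. The parameter name, the default path and the sample inputs are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Illustrative helper (not Novell's code) for a "return to calling page" URL parameter. */
public final class ReturnUrlGuard {

    /** Hypothetical parameter name; the TID does not give the real one. */
    public static final String PARAM = "returnUrl";

    /** Assumed fallback used whenever the supplied value is rejected. */
    public static final String DEFAULT = "/app/home";

    private ReturnUrlGuard() {}

    /**
     * Accept only a relative, same-application path: no scheme (rejects
     * "javascript:" style pseudo-URLs), no authority (rejects absolute and
     * protocol-relative "//host" forms), and no characters a URI may not contain.
     */
    public static String sanitizeReturnUrl(String candidate) {
        if (candidate == null || candidate.isEmpty()) {
            return DEFAULT;
        }
        URI uri;
        try {
            uri = new URI(candidate);           // throws on illegal characters such as '"', '<', '>'
        } catch (URISyntaxException e) {
            return DEFAULT;
        }
        if (uri.getScheme() != null || uri.getAuthority() != null) {
            return DEFAULT;
        }
        String path = uri.getRawPath();
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            return DEFAULT;
        }
        return candidate;
    }

    /** HTML attribute encoding so the value cannot close the attribute or the tag. */
    public static String htmlAttrEncode(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Vulnerable pattern: the request parameter is written into markup unchanged. */
    public static String renderUnsafe(String param) {
        return "<a href=\"" + param + "\">Return</a>";
    }

    /** Hardened pattern: validate the URL, then encode for the attribute context. */
    public static String renderSafe(String param) {
        return "<a href=\"" + htmlAttrEncode(sanitizeReturnUrl(param)) + "\">Return</a>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not values taken from a real scan.
        String[] samples = {
            "/app/portal/password/forgot",       // legitimate relative path: kept as-is
            "\"><b>injected</b>",                 // attribute break-out: rejected, falls back to DEFAULT
            "//evil.example/phish",               // protocol-relative redirect: rejected
            "javascript:void(0)"                  // scheme-bearing pseudo-URL: rejected
        };
        for (String s : samples) {
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe:   " + renderSafe(s));
        }
    }
}
```

In a real JSP the value would come from `request.getParameter(PARAM)` and, if the application already ships an encoding library, `htmlAttrEncode` should be replaced by that library's attribute encoder rather than a hand-written switch; the validation step stays, because encoding alone does not stop the parameter from steering users to an external site.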

Resolution

This behavior will be fixed in the next public patch for Novell Identity Manager User Application 3.7.0, Public Patch C, which is scheduled for release in late May 2010.

To obtain the latest public patch, please visit Novell's Patch Finder website (dl.netiq.com/patch/finder), search by entering Identity Manager Roles Based Provisioning Module as the product, and select the Identity Manager Roles Based Provisioning version you are using to obtain the latest patch for that version. Please remember that Identity Manager Roles Based Provisioning Module patches are cumulative, so if you find a newer version than the one listed in this TID, it will include the fix.