Security Vulnerability: eDirectory Cross Site Scripting exploit

  • 7011539
  • 18-Dec-2012
  • 27-Jan-2014


NetIQ eDirectory 8.8.7.X all platforms
NetIQ eDirectory 8.8.6.X all platforms


Specially crafted requests could exploit the site and allow for execution of scripts.


To resolve this issue, please apply eDirectory or newer for eDirectory 8.8.7.X and eDirectory or newer for eDirectory 8.8.6.X on OES2.  For eDirectory 8.8.6 on other platforms, it will be necessary to upgrade to eDirectory 8.8.7.  Stand alone patches are available from

Additional Information

This vulnerability was reported by specialists at Positive Research, the Positive Technologies company research center.