HIGH🇵🇱 Wersja polska

CVE-2025-10280

CVSS 7.1v3.1pub. 2025-11-03upd. 2025-11-12

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Sailpoint Identityiq

    APP
    Sailpoint
    8.38.48.5< 8.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2024-10905CRITICAL10.0PL ✓ten sam produkt

SailPoint IdentityIQ — nieautoryzowany dostęp do chronionych zasobów statycznych

CVE-2024-2227CRITICAL10.0PL ✓ten sam produkt

Path Traversal w SailPoint IdentityIQ — dostęp do dowolnych plików serwera

CVE-2023-32217CRITICAL9.0ten sam produkt

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6...

CVE-2026-5712HIGH8.0ten sam produkt

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the request...

CVE-2024-2228HIGH7.1ten sam produkt

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a t...