CVE-2018-1347
CWE-79Published: March 21, 2018· Updated: Jun 17, 2026
Official Description
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.
Technical Analysis
CVE-2018-1347 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
A successful exploit results in full integrity compromise (data manipulation), with a CVSS base score of 5.3.
From a weakness classification perspective (CWE-79): Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (4)
Quick Facts
Related CVEs (CWE-79)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2018-1347 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts