216.73.217.22

CVE-2025-10280

· Published 03/11/2025 17:15 · Modified 12/11/2025 14:49

Labels: CVE-2025-10280 2025-11-03CVE-2025-10280CWE-79[email protected]

Essential information

Published
03/11/2025 17:15
Modified
12/11/2025 14:49
Author
Creator
CVSS
7.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:*:*:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.3:patch2:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.3:patch4:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.3:patch5:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.4:-:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.4:patch1:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.4:patch2:*:*:*:*:*:*
sailpoint / identityiq cpe:2.3:a:sailpoint:identityiq:8.5:-:*:*:*:*:*:*

References