A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.Referenceshttps://bugzilla.suse.com/show_bug.cgi?id=1031853https://www.novell.com/support/kb/doc.php?id=7019893
