Multiple Cross-Site Scripting Vulnerabilities in IBM Tivoli Provisioning Manager Express
CVE-2007-6407

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Provisioning Manager Express
Vendor: CVE Published:; 17 December 2007

Summary

IBM Tivoli Provisioning Manager Express is susceptible to multiple cross-site scripting (XSS) vulnerabilities. These flaws enable remote attackers to inject arbitrary web scripts or HTML into the application. Specifically, attackers can exploit the 'assess modification' process, manipulate user-id fields, and use other unspecified inputs via the /tpmx URI, potentially compromising user data and application integrity.

References

http://www.securityfocus.com/archive/1/484607/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securitytracker.com/id?1019045

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/38864

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 17, 2007
Vulnerability Reserved
Dec 17, 2007