Cross-Site Scripting Vulnerability in IBM Tivoli Continuous Data Protection for Files
CVE-2009-1334

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Continuous Data Protection For Files
Vendor: CVE Published:; 17 April 2009

Summary

A cross-site scripting vulnerability exists in the 'login/FilepathLogin.html' of IBM Tivoli Continuous Data Protection for Files version 3.1.4.0. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the 'reason' parameter, potentially compromising the security of user sessions and sensitive information.

References

http://secunia.com/advisories/34646

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/53651

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/34513

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 17, 2009
Vulnerability Reserved
Apr 17, 2009