Cross-Site Scripting Vulnerability in IBM ENOVIA SmarTeam Product
CVE-2010-0959

Currently unrated

Key Information:

Vendor: IBM
Status: Enovia Smarteam
Vendor: CVE Published:; 10 March 2010

Summary

The IBM ENOVIA SmarTeam 5 has a cross-site scripting vulnerability located in the WebEditor/Authentication/LoginPage.aspx file. This flaw allows remote attackers to inject arbitrary web scripts or HTML by exploiting the errMsg parameter. If successful, such attacks can lead to executing malicious scripts in the context of the user's session, potentially compromising sensitive user data and exposing the website to further attacks.

References

http://www.securityfocus.com/archive/1/509975/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/62901

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/38612

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 10, 2010
Vulnerability Reserved
Mar 10, 2010