Cross-Site Scripting in IBM OmniFind Enterprise Edition
CVE-2010-3890

Currently unrated

Key Information:

Vendor: IBM
Status: Omnifind
Vendor: CVE Published:; 12 November 2010

Summary

A cross-site scripting (XSS) vulnerability exists in IBM OmniFind Enterprise Edition prior to version 9.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML code by manipulating the command parameter of the administration interface, particularly evident in the ESAdmin/collection.do endpoint. Exploitation of this vulnerability may lead to unauthorized access, data exposure, or manipulation in web applications relying on the affected versions.

References

http://www.securityfocus.com/archive/1/514688/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/44740

vdb-entryx_refsource_BID

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm...

x_refsource_MISC

Timeline

Vulnerability published
Nov 12, 2010
Vulnerability Reserved
Oct 12, 2010