Cross-Site Scripting Vulnerability in IBM ENOVIA 6
CVE-2010-4589

Currently unrated

Key Information:

Vendor: IBM
Status: Enovia
Vendor: CVE Published:; 22 December 2010

Summary

A Cross-Site Scripting (XSS) vulnerability exists in IBM ENOVIA 6, enabling remote attackers to exploit the emxFramework.FilterParameterPattern property to inject arbitrary web scripts or HTML. This flaw can be leveraged by attackers to execute malicious scripts in the context of users, potentially leading to data theft or session hijacking.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1HE02563

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?crawler=1&uid=s...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2010/3211

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Dec 22, 2010
Vulnerability Reserved
Dec 22, 2010