Cross-site Scripting Vulnerability in IBM Cognos 8 Business Intelligence
CVE-2011-0486

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos 8 Business Intelligence
Vendor: CVE Published:; 18 January 2011

Summary

A cross-site scripting (XSS) vulnerability exists in the cognos.cgi script of IBM Cognos 8 Business Intelligence versions prior to FP1. This vulnerability allows remote attackers to execute arbitrary web scripts or HTML by manipulating the pathinfo parameter. Successful exploitation could lead to unauthorized actions on behalf of users, potentially compromising sensitive data and system integrity.

References

http://www.securityfocus.com/bid/45781

vdb-entryx_refsource_BID

http://securitytracker.com/id?1024954

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/64660

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 18, 2011
Vulnerability Reserved
Jan 18, 2011