Cross-Site Scripting Vulnerability in IBM Security Access Manager for Enterprise Single Sign-On
CVE-2013-5421

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
22 December 2013

Summary

A cross-site scripting (XSS) vulnerability exists in the IMS server of IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) version 8.2 before Ifix 6. This weakness allows remote attackers to inject malicious web scripts or HTML into dynamic web forms, potentially leading to unauthorized actions being performed in the context of another user's session. Proper validation and sanitization of user input are essential to mitigate the risk associated with this vulnerability.

Timeline

  • Vulnerability published

  • Vulnerability Reserved