Cross-site Scripting Vulnerability in IBM Emptoris Sourcing Portfolio
CVE-2014-3033

Currently unrated

Key Information:

Vendor: IBM
Status: Emptoris Sourcing Portfolio
Vendor: CVE Published:; 26 August 2014

Summary

A cross-site scripting vulnerability exists in IBM Emptoris Sourcing Portfolio versions prior to 9.5.1.3, 10.0.0.1, 10.0.1.3, and 10.0.2.4. This issue allows remote authenticated users to inject arbitrary web scripts or HTML through specially crafted URLs, potentially compromising the security of affected systems. Users are advised to review their security practices and upgrade to the patched versions to mitigate risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93192

vdb-entryx_refsource_XF

http://secunia.com/advisories/60481

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21680665

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 26, 2014
Vulnerability Reserved
Apr 29, 2014