Cross-site Scripting Vulnerability in IBM Emptoris Contract Management
CVE-2014-3034

Currently unrated

Key Information:

Vendor: IBM
Status: Emptoris Contract Management
Vendor: CVE Published:; 26 August 2014

Summary

A cross-site scripting (XSS) vulnerability exists in IBM Emptoris Contract Management that allows remote authenticated users to inject arbitrary web scripts or HTML via a crafted URL. This vulnerability may compromise the security of web applications and can be exploited by attackers to execute malicious scripts in the context of the user's browser, potentially leading to unauthorized actions or data exposure.

References

http://secunia.com/advisories/60479

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/93193

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21680370

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 26, 2014
Vulnerability Reserved
Apr 29, 2014