Cross-Site Scripting Vulnerability in IBM Emptoris Spend Analysis
CVE-2014-3035

Currently unrated

Key Information:

Vendor: IBM
Status: Emptoris Spend Analysis
Vendor: CVE Published:; 26 August 2014

Summary

An XSS vulnerability in IBM Emptoris Spend Analysis allows remote authenticated users to inject arbitrary web scripts or HTML through a specially crafted URL, potentially compromising the security of the application. Affected versions include 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4.

References

http://secunia.com/advisories/60480

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21681277

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/93194

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 26, 2014
Vulnerability Reserved
Apr 29, 2014