Cross-Site Scripting Vulnerability in IBM Forms Experience Builder
CVE-2014-6169

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Forms Experience Builder
Vendor: CVE Published:; 12 April 2018

What is CVE-2014-6169?

The vulnerability in IBM Forms Experience Builder versions 8.5.0 and 8.5.1 allows attackers to execute arbitrary web scripts or HTML, which can compromise user sessions, redirect users to malicious sites, or display harmful content. This happens through unspecified vectors that inadvertently accept untrusted input, making it a significant risk for organizations utilizing these versions of the software.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/97777

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/103761

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2018
Vulnerability Reserved
Sep 2, 2014