CVE-2014-8917

Currently unrated

Key Information:

Vendor: IBM
Status: Social Media Analytics
Vendor: CVE Published:; 28 January 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

http://secunia.com/advisories/62590

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/99303

vdb-entryx_refsource_XF

http://secunia.com/advisories/62837

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 28, 2015
Vulnerability Reserved
Nov 14, 2014