Cross-Site Scripting Vulnerabilities in IBM Dojo Toolkit for Social Media Analytics
CVE-2014-8917

Currently unrated

Key Information:

Vendor: IBM
Status: Social Media Analytics
Vendor: CVE Published:; 28 January 2015

Summary

The IBM Dojo Toolkit contains multiple vulnerabilities that allow for cross-site scripting attacks. Specifically, flaws within the uploader and file uploader SWF files, as well as audio and video resources, enable remote attackers to inject arbitrary web scripts or HTML via unaddressed vectors. This could potentially lead to unauthorized data exposure or compromised user interactions within applications utilizing the toolkit in IBM Social Media Analytics 1.3 and other products.

References

http://secunia.com/advisories/62590

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/99303

vdb-entryx_refsource_XF

http://secunia.com/advisories/62837

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 28, 2015
Vulnerability Reserved
Nov 14, 2014