Cross-Site Scripting Vulnerability in IBM AppScan Enterprise Edition
CVE-2015-1952

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Security Appscan
Vendor: CVE Published:; 16 April 2018

What is CVE-2015-1952?

An XSS vulnerability exists in IBM AppScan Enterprise Edition 9.0.x versions prior to 9.0.2 iFix 001, enabling remote attackers to inject malicious web scripts or HTML. This flaw can lead to unauthorized actions or data exposure through compromised user interactions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/103416

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21883124

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2018
Vulnerability Reserved
Feb 19, 2015