CVE-2016-0261

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Curam Social Program Management
Vendor: CVE Published:; 12 March 2018

Summary

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/110604

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21981103

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 12, 2018
Vulnerability Reserved
Dec 8, 2015