XSS Vulnerability in IBM Forms Experience Builder Affects Multiple Versions
CVE-2016-0370

2.7LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 September 2016

Summary

A cross-site scripting (XSS) vulnerability exists in IBM Forms Experience Builder versions 8.5.x and 8.6.x prior to version 8.6.3. This flaw allows remote authenticated users to inject arbitrary web scripts or HTML codes through crafted inputs in applications built using this product. If exploited, this could compromise the security of users by potentially leading to session hijacking, unwanted information disclosure, or other malicious actions.

References

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.