XSS Vulnerability in IBM Forms Experience Builder Affects Multiple Versions
CVE-2016-0370

2.7LOW

Key Information:

Vendor

IBM
Status
Forms Experience Builder
Vendor
CVE Published:
1 September 2016

What is CVE-2016-0370?

A cross-site scripting (XSS) vulnerability exists in IBM Forms Experience Builder versions 8.5.x and 8.6.x prior to version 8.6.3. This flaw allows remote authenticated users to inject arbitrary web scripts or HTML codes through crafted inputs in applications built using this product. If exploited, this could compromise the security of users by potentially leading to session hijacking, unwanted information disclosure, or other malicious actions.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21988726
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1LO88449
vendor-advisoryx_refsource_AIXAPAR
http://www.securityfocus.com/bid/92471
vdb-entryx_refsource_BID

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.