XSS Vulnerability in IBM Forms Experience Builder Affects Multiple Versions
CVE-2016-0370
2.7LOW
Summary
A cross-site scripting (XSS) vulnerability exists in IBM Forms Experience Builder versions 8.5.x and 8.6.x prior to version 8.6.3. This flaw allows remote authenticated users to inject arbitrary web scripts or HTML codes through crafted inputs in applications built using this product. If exploited, this could compromise the security of users by potentially leading to session hijacking, unwanted information disclosure, or other malicious actions.
References
CVSS V3.1
Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved