CVE-2016-2912

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Rational Publishing Engine
Vendor
CVE Published:
8 August 2016

Summary

Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21988263
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92335
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.