HTML Injection Vulnerability in IBM Campaign Products
CVE-2017-1115

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
7 September 2018

Summary

IBM Campaign versions 9.1, 9.1.2, and 10 are susceptible to a vulnerability that allows remote attackers to inject malicious HTML code. When this code is rendered in the browser of a victim, it executes within the security context of the affected site, potentially leading to unwanted actions or data exposure.

Affected Version(s)

Campaign 9.1

Campaign 9.1.2

Campaign 10

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.