HTML Injection Vulnerability in IBM BigFix Compliance
CVE-2017-1202
5.4MEDIUM
Summary
IBM BigFix Compliance versions 1.7 through 1.9.91 are susceptible to a security flaw that allows remote attackers to inject malicious HTML code. When an unsuspecting user views this injected content, the HTML executes within their web browser under the security permissions of the affected site. This vulnerability poses a risk as it can be exploited to deliver harmful scripts and compromise user data.
Affected Version(s)
BigFix Compliance 1.7
BigFix Compliance 1.9.91
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved