Cross-Site Scripting Vulnerability in IBM Jazz Foundation
CVE-2023-45181

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Jazz Foundation
Vendor: CVE Published:; 25 November 2024

Summary

The IBM Jazz Foundation, specifically version 7.0.2 and earlier, is susceptible to a cross-site scripting vulnerability that enables the injection of arbitrary JavaScript code into the Web user interface. This flaw may compromise the integrity of user sessions, allowing attackers to manipulate web content and potentially expose sensitive information, including user credentials. Promptly addressing this vulnerability is essential to safeguard against unauthorized access within trusted environments.

References

https://www.ibm.com/support/pages/node/7176207

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 25, 2024