Lucene search
China National Vulnerability DatabaseCNVD-2022-61905HistoryAug 31, 2022 - 12:00 a.m.
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2022-61905)
2022-08-3100:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
ibm corporation
asset lifecycle management
cross-site scripting
vulnerability
user-supplied data
web ui
javascript
credentials
trusted session
0.001 Low
EPSS
Percentile
19.6%
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM Corporation. A cross-site scripting vulnerability exists in IBM Maximo Asset Management, which stems from the lack of effective filtering and escaping of user-supplied data, and could be exploited by an attacker to embed arbitrary JavaScript in the Web UI code in the Web UI to change the intended functionality, resulting in the disclosure of credentials in a trusted session.
| CPE | Name | Operator | Version |
|---|---|---|---|
| IBM Maximo Asset Management 7. | eq | 6.1.1 | |
| IBM Maximo Asset Management 7. | eq | 6.1.2 |
Related
nvd
nvd
CVE-2022-35714
2022-08-26 18:15:09
ibm
ibm
cvelist
cvelist
CVE-2022-35714
2022-08-25 00:00:00
cve
cve
CVE-2022-35714
2022-08-26 18:15:09
prion
prion
Cross site scripting
2022-08-26 18:15:00