CVE-2016-0255

2017-05-0519:00:00

ibm

www.cve.org

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 110564.

CNA Affected

[
  {
    "product": "Marketing Platform",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "9.1, 9.1.1, 9.1.2, 10.0"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg22001950

www.securityfocus.com/bid/98336