Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM25372E8CB6CEAFC4375A6AF8544B344A68645BEE81B1B3A1D8F08CAAC19D1913
HistoryNov 05, 2021 - 9:06 p.m.

Security Bulletin: XSS vulerability in Dojo affects IBM Tivoli Business Service Manager (CVE-2018-15494)

2021-11-0521:06:45
www.ibm.com
13

0.005 Low

EPSS

Percentile

77.0%

JSON

Summary

Dojo Toolkit is shipped as part of IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Dojo Toolkit has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2018-15494
**DESCRIPTION:**Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148556 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Business Service Manager 6.2.0-6.2.0.3 IF1

Remediation/Fixes

Product VRMF APAR Remediation
IBM Tivoli Business Service Manager 6.2.0 6.2.0.3 IF IJ32982 Upgrade to Upgrade to IBM Tivoli Business Service Manager 6.2.0.3 IF2

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli business service managereq6.2.0

Related

openvas 1
ubuntucve 1
ibm 30
cvelist 1
redhatcve 1
debian 1
nvd 1
prion 1
debiancve 1
osv 3
veracode 1
cve 1
nessus 1
zdt 1
github 1
packetstorm 1
openvas
openvas
Debian: Security Advisory (DLA-1492-1)
2018-09-03 00:00:00
ubuntucve
ubuntucve
CVE-2018-15494
2018-08-18 00:00:00
ibm
ibm
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
2019-10-28 16:30:15
Security Bulletin: Vulnerability in Dojo may affect IBM CΓΊram Social Program Management (CVE-2018-15494)
2021-11-25 17:06:40
Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)
2022-11-07 11:12:59
cvelist
cvelist
CVE-2018-15494
2018-08-18 02:00:00
redhatcve
redhatcve
CVE-2018-15494
2018-08-23 05:54:01
debian
debian
[SECURITY] [DLA 1492-1] dojo security update
2018-09-03 08:06:10
nvd
nvd
CVE-2018-15494
2018-08-18 02:29:01
prion
prion
Sql injection
2018-08-18 02:29:00
debiancve
debiancve
CVE-2018-15494
2018-08-18 02:29:01
osv
osv
CVE-2018-15494
2018-08-18 02:29:01
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
dojo - security update
2018-09-03 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-08-20 07:17:16
cve
cve
CVE-2018-15494
2018-08-18 02:29:01
nessus
nessus
Debian DLA-1492-1 : dojo security update
2018-09-04 00:00:00
zdt
zdt
Dojo Toolkit 1.13 Cross Site Scripting Vulnerability
2018-08-28 00:00:00
github
github
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
packetstorm
packetstorm
Dojo Toolkit 1.13 Cross Site Scripting
2018-08-27 00:00:00

0.005 Low

EPSS

Percentile

77.0%

JSON
Related for 25372E8CB6CEAFC4375A6AF8544B344A68645BEE81B1B3A1D8F08CAAC19D1913
openvas1ubuntucve1ibm30cvelist1redhatcve1debian1nvd1prion1debiancve1osv3veracode1cve1nessus1zdt1github1packetstorm1