Cross site scripting

2012-03-1303:12:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.

CPENameOperatorVersion
maximo_asset_managementeq7.5
maximo_asset_managementeq7.1
maximo_asset_managementeq6.2
maximo_asset_management_essentialseq6.2
maximo_asset_management_essentialseq7.5
maximo_asset_management_essentialseq7.1

Name	Operator	Version
maximo_asset_management	eq	7.5
maximo_asset_management	eq	7.1
maximo_asset_management	eq	6.2
maximo_asset_management_essentials	eq	6.2
maximo_asset_management_essentials	eq	7.5
maximo_asset_management_essentials	eq	7.1