Cross site scripting

2014-07-3011:15:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.

CPENameOperatorVersion
maximo_asset_managementeq7.5.0.5
maximo_asset_managementeq7.1.1.5
maximo_asset_managementeq6.2.6.1
maximo_asset_managementeq7.1.1.7
maximo_asset_managementeq6.2.5
maximo_asset_managementeq7.1.1.10
maximo_asset_managementeq6.2.4
maximo_asset_managementeq7.1.1.8
maximo_asset_managementeq7.5.0.4
maximo_asset_managementeq7.1.1.12

Name	Operator	Version
maximo_asset_management	eq	7.5.0.5
maximo_asset_management	eq	7.1.1.5
maximo_asset_management	eq	6.2.6.1
maximo_asset_management	eq	7.1.1.7
maximo_asset_management	eq	6.2.5
maximo_asset_management	eq	7.1.1.10
maximo_asset_management	eq	6.2.4
maximo_asset_management	eq	7.1.1.8
maximo_asset_management	eq	7.5.0.4
maximo_asset_management	eq	7.1.1.12