Cross site scripting

2018-04-2715:29:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140691.

CPENameOperatorVersion
bigfix_platformge9.2
bigfix_platformle9.2.13
bigfix_platformge9.5
bigfix_platformle9.5.8

Name	Operator	Version
bigfix_platform	ge	9.2
bigfix_platform	le	9.2.13
bigfix_platform	ge	9.5
bigfix_platform	le	9.5.8

References

www.ibm.com/support/docview.wss?uid=swg22015754

exchange.xforce.ibmcloud.com/vulnerabilities/140691