Lucene search
China National Vulnerability DatabaseCNVD-2023-68782HistoryJul 27, 2023 - 12:00 a.m.
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2023-68782)
2023-07-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
ibm
cognos analytics
cross-site scripting
vulnerability
svg
validation
browser
authentication credentials
0.001 Low
EPSS
Percentile
23.8%
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics suffers from a cross-site scripting vulnerability that stems from improper validation of SVG files in custom visualizations. An attacker could use the vulnerability to execute scripts in the victim’s browser and steal their authentication credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm ibm cognos analytics >=11.1.0, | lt | 11.1.7 |
Related
cve
cve
CVE-2023-28530
2023-07-22 02:15:47
prion
prion
Cross site scripting
2023-07-22 02:15:00
nvd
nvd
CVE-2023-28530
2023-07-22 02:15:47
cvelist
cvelist
CVE-2023-28530 IBM Cognos Analytics cross-site scripting
2023-07-22 01:47:06
nessus
nessus
IBM Cognos Analytics Multiple Vulnerabilities (7012621)
2023-07-26 00:00:00
