CVE-2013-4048

2013-09-1618:24:48

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-4048

cross-site scripting

xss

ibm spss

analytical decision management

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.4%

JSON

Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving addition of script to a page.

Affected configurations

NVD

Node

ibmspss_analytical_decision_managementMatch6.1.0.0

ibmspss_analytical_decision_managementMatch6.2.0.0

ibmspss_analytical_decision_managementMatch7.0.0.0

CPENameOperatorVersion
ibm:spss_analytical_decision_managementibm spss analytical decision managementeq6.1.0.0
ibm:spss_analytical_decision_managementibm spss analytical decision managementeq6.2.0.0
ibm:spss_analytical_decision_managementibm spss analytical decision managementeq7.0.0.0

CPE	Name	Operator	Version
ibm:spss_analytical_decision_management	ibm spss analytical decision management	eq	6.1.0.0
ibm:spss_analytical_decision_management	ibm spss analytical decision management	eq	6.2.0.0
ibm:spss_analytical_decision_management	ibm spss analytical decision management	eq	7.0.0.0