Stored Cross-Site Scripting in IBM QRadar SIEM.
CVE-ID: CVE-2015-7409 **
Description:IBM QRadar is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a field to inject malicious script into a Web page which would be executed in a victimโs Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victimโs cookie-based authentication credentials. **
CVSS Base Score: 5.4**
CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/107452 for the current score**
CVSS Environmental Score:** Undefined*
CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ยท IBM QRadar 7.2.x
ยท QRadar / QRM / QVM / QRIF 7.2.6
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.2 |