Cross-Site Scripting was found in various fields in the QRadar UI.
CVE-ID: CVE-2016-2869 **Description:**IBM QRadar is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victimโs Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victimโs cookie-based authentication credentials. **CVSS Base Score:**5.4 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/112766 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ยท IBM QRadar 7.2.n
ยท IBM QRadar 7.1.n
ยท QRadar / QRM / QVM / QRIF 7.2.7
ยท IBM QRadar SIEM 7.1 MR2 Patch 13
None