Cross site scripting

2015-10-0402:59:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.6%

JSON

Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CPENameOperatorVersion
tivoli_storage_flashcopy_managerge3.1.0.0
tivoli_storage_flashcopy_managerlt3.1.1.3
tivoli_storage_flashcopy_managerge3.2.0.0
tivoli_storage_flashcopy_managerlt3.2.0.6
tivoli_storage_flashcopy_managerge4.1.0.0
tivoli_storage_flashcopy_managerle4.1.3.0
tivoli_storage_manager_for_virtual_environmentsge6.3.0.0
tivoli_storage_manager_for_virtual_environmentslt6.3.2.5
tivoli_storage_manager_for_virtual_environmentsge6.4.0.0
tivoli_storage_manager_for_virtual_environmentslt6.4.3.1

Name	Operator	Version
tivoli_storage_flashcopy_manager	ge	3.1.0.0
tivoli_storage_flashcopy_manager	lt	3.1.1.3
tivoli_storage_flashcopy_manager	ge	3.2.0.0
tivoli_storage_flashcopy_manager	lt	3.2.0.6
tivoli_storage_flashcopy_manager	ge	4.1.0.0
tivoli_storage_flashcopy_manager	le	4.1.3.0
tivoli_storage_manager_for_virtual_environments	ge	6.3.0.0
tivoli_storage_manager_for_virtual_environments	lt	6.3.2.5
tivoli_storage_manager_for_virtual_environments	ge	6.4.0.0
tivoli_storage_manager_for_virtual_environments	lt	6.4.3.1