Cross site scripting

2016-01-0205:59:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CPENameOperatorVersion
maximo_asset_managementeq7.5
maximo_asset_managementeq7.6
maximo_asset_management_essentialseq7.5
maximo_for_governmenteq7.5
maximo_for_life_scienceseq7.6
maximo_for_life_scienceseq7.5
maximo_for_nuclear_powereq7.5
maximo_for_oil_and_gaseq7.5
maximo_for_transportationeq7.5
maximo_for_utilitieseq7.5

Name	Operator	Version
maximo_asset_management	eq	7.5
maximo_asset_management	eq	7.6
maximo_asset_management_essentials	eq	7.5
maximo_for_government	eq	7.5
maximo_for_life_sciences	eq	7.6
maximo_for_life_sciences	eq	7.5
maximo_for_nuclear_power	eq	7.5
maximo_for_oil_and_gas	eq	7.5
maximo_for_transportation	eq	7.5
maximo_for_utilities	eq	7.5