Cross site scripting

2020-04-1516:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

JSON

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 175841.

CPENameOperatorVersion
qradar_security_information_and_event_managerge7.3.0
qradar_security_information_and_event_managerlt7.3.3
qradar_security_information_and_event_managereq7.3.3
qradar_security_information_and_event_managereq7.3.3 p2
qradar_security_information_and_event_managereq7.3.3 p1

Name	Operator	Version
qradar_security_information_and_event_manager	ge	7.3.0
qradar_security_information_and_event_manager	lt	7.3.3
qradar_security_information_and_event_manager	eq	7.3.3
qradar_security_information_and_event_manager	eq	7.3.3 p2
qradar_security_information_and_event_manager	eq	7.3.3 p1