Cross site scripting

IBM Jazz Reporting Service JRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2017-1340

IBM Jazz Reporting Service JRS 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455...

Design/Logic Flaw

IBM Jazz Reporting Service JRS 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788...

Cross site scripting

IBM Jazz Reporting Service JRS 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 12065...

Cross site scripting

IBM Jazz Foundation Reporting Service JRS 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

CVE-2016-5897

IBM Jazz Reporting Service JRS is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVE-2016-0313

Cross-site scripting XSS vulnerability in the Report Builder and Data Collection Component DCC in IBM Jazz Reporting Service JRS 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different...

Design/Logic Flaw

The Report Builder and Data Collection Component DCC in IBM Jazz Reporting Service JRS 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation...

Code injection

The Report Builder and Data Collection Component DCC in IBM Jazz Reporting Service JRS 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors...

CVE-2016-2888

Cross-site scripting XSS vulnerability in the Report Builder and Data Collection Component DCC in IBM Jazz Reporting Service JRS 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different...

CVE-2015-7468

Report Builder in IBM Jazz Reporting Service JRS 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors...