exploitDog

GHSA-q8pr-7mmw-qmfp

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Ссылки

EPSS

Процентиль: 38%

0.00168

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2016-0316

CVSS3: 5.4

nvd

около 9 лет назад

Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

EPSS

Процентиль: 38%

0.00168

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79