CVE-2013-4003

Опубликовано: 29 авг. 2013

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified input to html/en/default/actionHandler/queryHandler.jsp, or (3) unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:tririga_application_platform:*:*:*:*:*:*:*:*

Версия до 3.3.0.1 (включая)

cpe:2.3:a:ibm:tririga_application_platform:2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tririga_application_platform:2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tririga_application_platform:2.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tririga_application_platform:3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tririga_application_platform:3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tririga_application_platform:3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tririga_application_platform:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tririga_application_platform:3.3.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00188

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2mvg-5fwf-w2pp

github

больше 3 лет назад