Описание
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:spectrum_control:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_control:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_control:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_control:5.2.10.1:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7.1:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00197
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
EPSS
Процентиль: 42%
0.00197
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79