Vulnerability CVE-2013-3979

Vulnerability CVE-2013-3979

Published: 2013-07-25

Description:

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
IBM -> Star command center

References:

http://xforce.iss.net/xforce/xfdb/84904

http://www-01.ibm.com/support/docview.wss?uid=swg21643067

Copyright 2024, cxsecurity.com