Vulnerability CVE-2014-3033

Vulnerability CVE-2014-3033

Published: 2014-08-26

Description:

Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
IBM -> Emptoris sourcing portfolio

References:

http://secunia.com/advisories/60481

http://www-01.ibm.com/support/docview.wss?uid=swg21680665

http://xforce.iss.net/xforce/xfdb/93192

Copyright 2024, cxsecurity.com