CVE-2012-2177 — Cross-site Scripting in IBM Cognos Business Intelligence

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 49.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Business Intelligence

Timeline

PublishedMar 5

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/cognos_business_intelligence4 versions+3

🔴Vulnerability Details

GHSA

GHSA-vmg6-34cj-3c66: Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8↗2022-05-17

▶

CVEList

CVE-2012-2177: Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8↗2013-03-02

▶