CVE-2013-0477

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.0MEDIUM

EPSS

0.4%

top 38.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management Collaboration Server IBM Infosphere Master Data Management Server FOR Product Information Management

Timeline

PublishedFeb 21

Latest updateMay 5

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allow remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶NVDibm/infosphere_master_data_management_collaboration_server10.0.0, 10.0.1+1

▶NVDibm/infosphere_master_data_management6.0.0, 9.0.0, 9.1.0+2

🔴Vulnerability Details

GHSA

GHSA-x8qq-pfhv-wr9j: Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10↗2022-05-05

▶

CVEList

CVE-2013-0477: Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10↗2013-02-21

▶