CVE-2013-6732 — Cross-site Scripting in IBM Cognos Business Intelligence

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 53.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Business Intelligence

Timeline

PublishedFeb 22

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/cognos_business_intelligence6 versions+5

🔴Vulnerability Details

GHSA

GHSA-4p35-vf8h-253r: Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8↗2022-05-17

▶

CVEList

CVE-2013-6732: Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8↗2014-02-22

▶

💬Community

Bugzilla

CVE-2013-7444 CVE-2015-6737 CVE-2015-6736 CVE-2015-6727 CVE-2015-6733 CVE-2015-6732 CVE-2015-6731 CVE-2015-6730 CVE-2015-6728 CVE-2015-6729 CVE-2015-6735 CVE-2015-6734 mediawiki: multiple security fix↗2015-08-13

▶