CVE-2014-0825

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
3.5LOW
EPSS
0.2%
top 59.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
IBM Change AND Configuration Management DatabaseIBM Maximo Asset ManagementIBM Maximo Service Desk+3 more
Timeline
PublishedMay 26
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages6 packages

NVDibm/maximo_asset_management18 versions+17
NVDibm/tivoli_it_asset_management7.1.1.11, 7.1.1.12, 7.1.1.7+2
NVDibm/maximo_service_desk7.1.1.11, 7.1.1.12, 7.1.1.7+2

🔴Vulnerability Details

2
GHSA
GHSA-3j94-c55m-42mx: Cross-site scripting (XSS) vulnerability in openreport2022-05-17
CVEList
CVE-2014-0825: Cross-site scripting (XSS) vulnerability in openreport2014-05-26