CVE-2014-3013 — Cross-site Scripting in IBM Curam Social Program Management

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 59.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Curam Social Program Management

Timeline

PublishedJun 18

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/curam_social_program_management16 versions+15

🔴Vulnerability Details

GHSA

GHSA-724c-p358-mw5j: Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4↗2022-05-17

▶

CVEList

CVE-2014-3013: Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4↗2014-06-18

▶

💬Community

Bugzilla

CVE-2014-0485 s3ql: code execution due to unsafe pickle() usage↗2014-08-28

▶