CVE-2014-3035

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
3.5LOW
EPSS
0.2%
top 59.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Emptoris Spend Analysis
Timeline
PublishedAug 26
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDibm/emptoris_spend_analysis9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-88p2-fc6p-7wrr: Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 92022-05-17
CVEList
CVE-2014-3035: Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 92014-08-26
CVE-2014-3035 (LOW CVSS 3.5) | Cross-site scripting (XSS) vulnerab | cvebase.io