CVE-2015-4959 β€” Cross-site Scripting in IBM Tivoli Federated Identity Manager

CWE-79 β€” Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 49.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Federated Identity Manager
Timeline
PublishedJan 18
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-gmx2-p7cq-hxh3: Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6β†—2022-05-17
β–Ά
CVEList
CVE-2015-4959: Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6β†—2016-01-18
β–Ά
CVE-2015-4959 β€” Cross-site Scripting in IBM | cvebase