CVE-2015-7423

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 60.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management

Timeline

PublishedMar 26

Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDibm/infosphere_master_data_management5 versions+4

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-2pcv-gh22-fcvj: Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9↗2022-05-14

▶

CVEList

CVE-2015-7423: Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9↗2018-03-26

▶

💬Community

Bugzilla

CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load↗2015-01-29

▶