CVE-2016-0221 — Cross-site Scripting in IBM Cognos Business Intelligence

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 57.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Business Intelligence

Timeline

PublishedJul 3

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDibm/cognos_business_intelligence5 versions+4

🔴Vulnerability Details

GHSA

GHSA-6r6q-5mwq-h2mg: Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10↗2022-05-17

▶

CVEList

CVE-2016-0221: Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10↗2016-07-03

▶

💬Community

Bugzilla

CVE-2016-8706 memcached: SASL authentication remote code execution↗2016-11-01

▶