CVE-2016-0293Cross-site Scripting in IBM Bigfix Platform

CWE-79Cross-site Scripting7 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 54.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Bigfix Platform
Timeline
PublishedSep 1
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDibm/bigfix_platform17 versions+16

🔴Vulnerability Details

2
GHSA
GHSA-prmx-mwvh-g5wx: Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 92022-05-17
CVEList
CVE-2016-0293: Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 92016-09-01

💬Community

2
HackerOne
Bleichenbacher oracle in SSLv2 (CVE-2016-0704)2016-06-01
HackerOne
Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)2016-06-01
CVE-2016-0293 — Cross-site Scripting in IBM | cvebase