CVE-2016-8935

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 46.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Kenexa LMS ON Cloud IBM Kenexa LMS

Timeline

PublishedMar 31

Latest updateMay 17

Description

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm_corporation/kenexa_lms_on_cloud9 versions+8

▶NVDibm/kenexa_lms6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-h58h-fv85-wcv9: IBM Kenexa LMS on Cloud 13↗2022-05-17

▶

CVEList

CVE-2016-8935: IBM Kenexa LMS on Cloud 13↗2017-03-31

▶

💬Community

Bugzilla

CVE-2015-8935 php: HTTP response splitting in header() function↗2016-06-22

▶