CVE-2016-9006 — Cross-site Scripting in Corporation Urbancode Deploy

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 46.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Urbancode Deploy IBM Urbancode Deploy

Timeline

PublishedMar 8

Latest updateMay 17

Description

IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDibm/urbancode_deploy29 versions+28

▶CVEListV5ibm_corporation/urbancode_deploy45 versions+44

🔴Vulnerability Details

GHSA

GHSA-mmrp-9mc8-ggw4: IBM UrbanCode Deploy 6↗2022-05-17

▶

CVEList

CVE-2016-9006: IBM UrbanCode Deploy 6↗2017-03-08

▶