CVE-2017-1372

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 58.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tririga Application Platform

Timeline

PublishedJul 21

Latest updateMay 17

Description

IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/tririga_application_platform9 versions+8

▶NVDibm/tririga_application_platform35 versions+34

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vmvr-77mv-hgp7: IBM TRIRIGA Application Platform 3↗2022-05-17

▶

CVEList

CVE-2017-1372: IBM TRIRIGA Application Platform 3↗2017-07-21

▶

💥Exploits & PoCs

Exploit-DB

Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures↗2017-12-11

▶