CVE-2017-1740

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 49.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cram Social Program ManagementIBM Curam Social Program Management
Timeline
PublishedJan 11
Latest updateMay 14

Description

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/cram_social_program_management5 versions+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-2fcv-2fq4-45fc: IBM Curam Social Program Management 62022-05-14
CVEList
CVE-2017-1740: IBM Curam Social Program Management 62018-01-11
CVE-2017-1740 (MEDIUM CVSS 5.4) | IBM Curam Social Program Management | cvebase.io