CVE-2018-1921

Severity
5.4 MEDIUM
EPSS
0.2%
top 63.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 17
Latest update: May 24

Description

IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | ibm/campaign | 4 versions +3
NVD | ibm/campaign | 4 versions +3

🔴 Vulnerability Details (2)

GHSA
GHSA-f48q-5685-26cr: IBM Campaign 9 (2022-05-24)
CVEList
CVE-2018-1921: IBM Campaign 9 (2019-07-17)

💥 Exploits & PoCs (1)

Exploit-DB
Core FTP LE 2.2 - Buffer Overflow (PoC) (2018-07-02)

💬 Community (1)

Bugzilla
CVE-2018-10931 cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC (2018-08-08)
CVE-2018-1921 (MEDIUM CVSS 5.4) | IBM Campaign 9.1.0 | cvebase.io