CVE-2023-32332

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 84.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Application Suite IBM Maximo Asset Management

Timeline

PublishedSep 8

Description

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5ibm/maximo_asset_management7.6.1.2, 7.6.1.3

▶NVDibm/maximo_asset_management7.6.1.2, 7.6.1.3+1

▶CVEListV5ibm/maximo_application_suite8.9, 8.10

▶NVDibm/maximo_application_suite8.10, 8.9+1

🔴Vulnerability Details

CVEList

IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection↗2023-09-08

▶

GHSA

GHSA-9495-x92x-h52j: IBM Maximo Application Suite 8↗2023-09-08

▶