CVE-2024-52892
published 2025-02-06CVE-2024-52892: IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | jazz_for_service_management | >= 1.1.3 < 1.1.3.24 | 1.1.3.24 |
| ibm | jazz_for_service_management | 1.1.3 – 1.1.3.23 | — |
| phpseclib | phpseclib | >= 0 < 1.0.1-3ubuntu0.1+esm1 | 1.0.1-3ubuntu0.1+esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.9-1ubuntu0.1~esm1 | 1.0.9-1ubuntu0.1~esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.18-2ubuntu0.1~esm1 | 1.0.18-2ubuntu0.1~esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.20-1ubuntu0.1~esm1 | 1.0.20-1ubuntu0.1~esm1 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv7.5HIGH