Description
Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Abdul-Aziz Hariri · textwebappsmultiple
https://www.exploit-db.com/exploits/32908
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34646
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/53651
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34513
Exploit, URL Repurposed x_refsource_misc
http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1022060
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49872
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1021
Scores
EPSS
0.0708
EPSS Percentile
91.6%
Details
CWE
CWE-79
Status
published
Products (1)
ibm/tivoli_continuous_data_protection_for_files
3.1.4.0
Published
Apr 17, 2009
Tracked Since
Feb 18, 2026