CVE-2010-4120

IBM Tivoli Access Manager For E-business - XSS

Title source: rule
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.

Exploits (11)

exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34907
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34917
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34916
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34915
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34914
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34913
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34912
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34911
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34910
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34909
exploitdb WORKING POC VERIFIED
by IBM · textwebappsmultiple
https://www.exploit-db.com/exploits/34908

References (17)

Core 17
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68884
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68892
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68891
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68885
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2774
Exploit, Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68890
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68893
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62750
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44382
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68886
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024633
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68889
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68888
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68894
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68887
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41974

Scores

EPSS 0.0706
EPSS Percentile 91.5%

Details

CWE
CWE-79
Status published
Products (2)
ibm/tivoli_access_manager_for_e-business 6.1.0
ibm/tivoli_access_manager_for_e-business 6.1.1
Published Oct 28, 2010
Tracked Since Feb 18, 2026