CVE-2011-1395

IBM Maximo <7.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.

References (5)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21584666

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71996

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52333

[Third Party Advisory] http://secunia.com/advisories/48299

Scores

EPSS 0.0029

EPSS Percentile 52.5%

Classification

CWE

CWE-79

Status published

Affected Products (7)

ibm/maximo_asset_management

ibm/maximo_asset_management_essentials

n/a/n/a

Timeline

Published Mar 13, 2012

Tracked Since Feb 18, 2026