CVE-2014-0893

IBM Smartcloud Control Desk - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

References (3)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21670870

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/91287

Scores

EPSS 0.0027

EPSS Percentile 49.9%

Details

CWE

CWE-79

Status published

Products (16)

ibm/smartcloud_control_desk

ibm/maximo_asset_management

ibm/smartcloud_control_desk

... and 6 more

Published May 26, 2014

Tracked Since Feb 18, 2026