CVE-2014-3033

IBM Emptoris Sourcing Portfolio - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References (3)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21680665

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/93192

[Third Party Advisory] http://secunia.com/advisories/60481

Scores

EPSS 0.0019

EPSS Percentile 40.5%

Details

CWE

CWE-79

Status published

Products (14)

ibm/emptoris_sourcing_portfolio

... and 4 more

Published Aug 26, 2014

Tracked Since Feb 18, 2026