CVE-2014-3035

IBM Emptoris Spend Analysis - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References (3)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21681277

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/93194

[Third Party Advisory] http://secunia.com/advisories/60480

Scores

EPSS 0.0019

EPSS Percentile 40.5%

Details

CWE

CWE-79

Status published

Products (10)

ibm/emptoris_spend_analysis

n/a/n/a

Published Aug 26, 2014

Tracked Since Feb 18, 2026