CVE-2014-3071

IBM Infosphere Information Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

References (5)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1JR50453

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21677719

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/93786

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68781

[Third Party Advisory] http://secunia.com/advisories/59267

Scores

EPSS 0.0032

EPSS Percentile 54.8%

Details

CWE

CWE-79

Status published

Products (2)

ibm/infosphere_information_server

n/a/n/a

Published Jul 26, 2014

Tracked Since Feb 18, 2026