CVE-2015-8531
MEDIUMIBM Security Access Manager for Web <9.0.0.1-8.0.1.3 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Scores
CVSS v3
6.1
EPSS
0.0022
EPSS Percentile
45.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
draft
Affected Products (8)
ibm/security_access_manager_9.0_firmware
ibm/security_access_manager_for_web_8.0_firmware
ibm/security_access_manager_for_web_8.0_firmware
ibm/security_access_manager_for_web_8.0_firmware
ibm/security_access_manager_for_web_8.0_firmware
ibm/security_access_manager_for_web_8.0_firmware
ibm/security_access_manager_for_web_8.0_firmware
ibm/security_access_manager_for_web_8.0_firmware
Timeline
Published
Feb 15, 2016
Tracked Since
Feb 18, 2026