CVE-2016-0221

MEDIUM

IBM Cognos TM1 <10.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References (3)

Scores

CVSS v3 5.4
EPSS 0.0020
EPSS Percentile 41.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status draft

Affected Products (5)

ibm/cognos_business_intelligence
ibm/cognos_business_intelligence
ibm/cognos_business_intelligence
ibm/cognos_business_intelligence
ibm/cognos_business_intelligence

Timeline

Published Jul 03, 2016
Tracked Since Feb 18, 2026