CVE-2016-0316
MEDIUMIBM Jazz Reporting Service <6.0.2 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Scores
CVSS v3
5.4
EPSS
0.0017
EPSS Percentile
37.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (4)
ibm/jazz_reporting_service
ibm/jazz_reporting_service
ibm/jazz_reporting_service
n/a/n/a
Timeline
Published
Nov 25, 2016
Tracked Since
Feb 18, 2026