CVE-2016-0322
MEDIUMIBM Connections <5.5 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.
Scores
CVSS v3
5.4
EPSS
0.0017
EPSS Percentile
37.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
draft
Affected Products (4)
ibm/connections
ibm/connections
ibm/connections
ibm/connections
Timeline
Published
Jun 30, 2016
Tracked Since
Feb 18, 2026