CVE-2016-0387
MEDIUMIBM TRIRIGA Application Platform <3.3.2.6, <3.4.2.4, <3.5.0.2 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883.
Scores
CVSS v3
5.4
EPSS
0.0017
EPSS Percentile
37.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
draft
Affected Products (23)
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
ibm/tririga_application_platform
... and 8 more
Timeline
Published
Jul 02, 2016
Tracked Since
Feb 18, 2026