CVE-2016-8999

MEDIUM

IBM InfoSphere Information Server - XSS

Title source: llm

Description

IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.

References (3)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21995155

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95325

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037563

Scores

CVSS v3 5.4

EPSS 0.0027

EPSS Percentile 50.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (22)

ibm/infosphere_datastage

ibm/infosphere_information_server

ibm/infosphere_information_server_on_cloud

IBM Corporation/InfoSphere Information Server < 8.1

IBM Corporation/InfoSphere Information Server < 8.5

IBM Corporation/InfoSphere Information Server < 8.0

IBM Corporation/InfoSphere Information Server < 8.5.0.1

IBM Corporation/InfoSphere Information Server < 8.7

IBM Corporation/InfoSphere Information Server < 9.1

... and 7 more

Timeline

Published Feb 01, 2017

Tracked Since Feb 18, 2026