CVE-2020-4775
MEDIUMIBM Curam Social Program Management 7.0.9 and 7.0.10 - Cross-Site Scripting
Title source: llmDescription
A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6346571
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/189153
Scores
CVSS v3
5.4
EPSS
0.0056
EPSS Percentile
42.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
ibm/curam_social_program_management
7.0.9.0
ibm/curam_social_program_management
7.0.10.0
Published
Oct 12, 2020
Tracked Since
Feb 18, 2026