CVE-2020-4775

MEDIUM

IBM Curam Social Program Management 7.0.9 and 7.0.10 - Cross-Site Scripting

Title source: llm
STIX 2.1

Description

A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6346571
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/189153

Scores

CVSS v3 5.4
EPSS 0.0056
EPSS Percentile 42.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
ibm/curam_social_program_management 7.0.9.0
ibm/curam_social_program_management 7.0.10.0
Published Oct 12, 2020
Tracked Since Feb 18, 2026