# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-22502 |
79 |
|
XSS |
2022-06-24 |
2022-07-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124. |
2 |
CVE-2022-22443 |
79 |
|
XSS |
2022-04-28 |
2022-05-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. |
3 |
CVE-2022-22436 |
79 |
|
XSS |
2022-04-21 |
2022-04-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164. |
4 |
CVE-2022-22435 |
79 |
|
XSS |
2022-04-21 |
2022-04-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
5 |
CVE-2022-22393 |
|
|
|
2022-05-13 |
2022-05-23 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078. |
6 |
CVE-2022-22370 |
79 |
|
XSS |
2022-07-08 |
2022-07-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. |
7 |
CVE-2022-22348 |
352 |
|
|
2022-03-14 |
2022-03-22 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. |
8 |
CVE-2022-22333 |
120 |
|
Overflow |
2022-02-23 |
2022-03-02 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133. |
9 |
CVE-2022-22322 |
79 |
|
XSS |
2022-04-28 |
2022-05-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. |
10 |
CVE-2022-22320 |
79 |
|
XSS |
2022-05-11 |
2022-05-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367. |
11 |
CVE-2021-39079 |
79 |
|
XSS |
2022-02-14 |
2022-02-22 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. |
12 |
CVE-2021-39068 |
79 |
|
XSS |
2022-04-11 |
2022-04-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. |
13 |
CVE-2021-39059 |
79 |
|
XSS |
2022-05-11 |
2022-05-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619. |
14 |
CVE-2021-39055 |
79 |
|
XSS |
2022-03-14 |
2022-03-22 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534. |
15 |
CVE-2021-39043 |
79 |
|
XSS |
2022-05-20 |
2022-05-31 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032. |
16 |
CVE-2021-39038 |
1021 |
|
|
2022-02-24 |
2022-03-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. |
17 |
CVE-2021-38966 |
79 |
|
XSS |
2021-12-21 |
2021-12-23 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357. |
18 |
CVE-2021-38952 |
79 |
|
XSS |
2022-04-28 |
2022-05-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. |
19 |
CVE-2021-38946 |
79 |
|
XSS |
2022-04-22 |
2022-10-18 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. |
20 |
CVE-2021-38909 |
79 |
|
XSS |
2021-12-03 |
2022-01-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706. |
21 |
CVE-2021-38903 |
79 |
|
XSS |
2022-04-22 |
2022-06-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691. |
22 |
CVE-2021-38895 |
79 |
|
XSS |
2022-01-10 |
2022-01-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. |
23 |
CVE-2021-38893 |
79 |
|
XSS |
2021-12-21 |
2021-12-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512. |
24 |
CVE-2021-38883 |
79 |
|
XSS |
2021-12-17 |
2021-12-21 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. |
25 |
CVE-2021-38870 |
79 |
|
XSS |
2021-09-23 |
2021-09-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343. |
26 |
CVE-2021-29878 |
79 |
|
XSS |
2021-10-18 |
2021-10-21 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581. |
27 |
CVE-2021-29872 |
116 |
|
XSS |
2022-01-18 |
2022-01-25 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228. |
28 |
CVE-2021-29855 |
79 |
|
XSS |
2021-10-06 |
2021-10-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. |
29 |
CVE-2021-29852 |
79 |
|
XSS |
2021-09-01 |
2021-09-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528. |
30 |
CVE-2021-29836 |
79 |
|
XSS |
2021-10-06 |
2021-10-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912. |
31 |
CVE-2021-29834 |
79 |
|
XSS |
2021-09-29 |
2021-10-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832. |
32 |
CVE-2021-29822 |
79 |
|
XSS |
2021-07-12 |
2021-07-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204349. |
33 |
CVE-2021-29821 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204348. |
34 |
CVE-2021-29820 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204347. |
35 |
CVE-2021-29819 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204346. |
36 |
CVE-2021-29818 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204345. |
37 |
CVE-2021-29817 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343. |
38 |
CVE-2021-29809 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204270. |
39 |
CVE-2021-29808 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204269. |
40 |
CVE-2021-29807 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204265. |
41 |
CVE-2021-29806 |
79 |
|
XSS |
2021-09-20 |
2021-09-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204264. |
42 |
CVE-2021-29805 |
79 |
|
XSS |
2021-07-12 |
2021-07-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204263. |
43 |
CVE-2021-29804 |
79 |
|
XSS |
2021-07-12 |
2021-07-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204262. |
44 |
CVE-2021-29803 |
79 |
|
XSS |
2021-07-12 |
2021-07-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204164. |
45 |
CVE-2021-29800 |
79 |
|
XSS |
2021-09-23 |
2021-09-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
46 |
CVE-2021-29764 |
79 |
|
XSS |
2021-10-06 |
2021-11-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268. |
47 |
CVE-2021-29752 |
|
|
|
2021-09-16 |
2022-10-08 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780. |
48 |
CVE-2021-29751 |
|
|
+Info |
2021-06-28 |
2022-07-12 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779. |
49 |
CVE-2021-29744 |
79 |
|
XSS |
2021-08-27 |
2021-09-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. |
50 |
CVE-2021-29743 |
79 |
|
XSS |
2021-08-30 |
2021-09-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. |