Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:45
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21628851 - Vendor Advisory | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21628852 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/80629 - |
Information
Published : 2013-04-23 11:47
Updated : 2024-11-21 01:45
NVD link : CVE-2012-5949
Mitre link : CVE-2012-5949
CVE.ORG link : CVE-2012-5949
JSON object : View
Products Affected
ibm
- tririga_application_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')