CVE-2013-0464

{"id": "CVE-2013-0464", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-06-03T23:55:00.890", "references": [{"url": "http://secunia.com/advisories/54971", "source": "psirt@us.ibm.com"}, {"url": "http://secunia.com/advisories/55115", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637954", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/60246", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81060", "source": "psirt@us.ibm.com"}, {"url": "http://secunia.com/advisories/54971", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55115", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637954", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/60246", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81060", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en IBM Eclipse Help System (IEHS) v3.4.3 y v3.6.2, como es usado en IBM SPSS Data Collection v6.0, v6.0.1, y v7.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una URL modificada."}], "lastModified": "2024-11-21T01:47:38.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:eclipse_help_system:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C6E7223-68F8-4EA6-B2ED-D13C08C52C4A"}, {"criteria": "cpe:2.3:a:ibm:eclipse_help_system:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E459035E-B741-4662-A7D9-C718EA81751D"}, {"criteria": "cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED735680-3700-4744-857C-EA2F005D89E6"}, {"criteria": "cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "673496DB-11BB-4FEB-9772-175F5D45859F"}, {"criteria": "cpe:2.3:a:ibm:spss_data_collection:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "098BF27F-EF50-4599-AE6D-37BF29A4FBEF"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}