Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Link | Resource |
---|---|
http://secunia.com/advisories/62674 | |
http://www-01.ibm.com/support/docview.wss?uid=swg21694767 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99012 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-01-29 01:59
Updated : 2024-02-28 12:20
NVD link : CVE-2014-8893
Mitre link : CVE-2014-8893
CVE.ORG link : CVE-2014-8893
JSON object : View
Products Affected
ibm
- tririga_application_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')