Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
2016-02-15T02:59:14.107
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | ibm | security_access_manager_9.0_firmware | 9.0.0 | Yes |
Operating System | ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.1 | Yes |
Operating System | ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 | Yes |
Operating System | ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 | Yes |
Operating System | ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 | Yes |
Operating System | ibm | security_access_manager_for_web_8.0_firmware | 8.0.1 | Yes |
Operating System | ibm | security_access_manager_for_web_8.0_firmware | 8.0.1.0 | Yes |
Operating System | ibm | security_access_manager_for_web_8.0_firmware | 8.0.1.2 | Yes |