CVE-2016-3006

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-09-26 04:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-3006

Mitre link : CVE-2016-3006

CVE.ORG link : CVE-2016-3006


JSON object : View

Products Affected

ibm

  • connections
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')