CVE-2016-5944

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:spectrum_control:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_control:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_control:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_control:5.2.10.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-09-26 04:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-5944

Mitre link : CVE-2016-5944

CVE.ORG link : CVE-2016-5944


JSON object : View

Products Affected

ibm

  • tivoli_storage_productivity_center
  • spectrum_control
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')