CVE-2011-4819

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
ibmmaximo_asset_management
6.2
ibmmaximo_asset_management
7.1
ibmmaximo_asset_management
7.5
ibmmaximo_asset_management_essentials
6.2
ibmmaximo_asset_management_essentials
7.1
ibmmaximo_asset_management_essentials
7.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/48299
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202
http://www.ibm.com/support/docview.wss?uid=swg21584666
http://www.securityfocus.com/bid/52333
https://exchange.xforce.ibmcloud.com/vulnerabilities/72008
http://secunia.com/advisories/48299
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202
http://www.ibm.com/support/docview.wss?uid=swg21584666
http://www.securityfocus.com/bid/52333
https://exchange.xforce.ibmcloud.com/vulnerabilities/72008