CVE-2012-2161

Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmsecurity_appscan_source
7.0
ibmsecurity_appscan_source
8.0
ibmsecurity_appscan_source
8.0.0.1
ibmsecurity_appscan_source
8.0.0.2
ibmsecurity_appscan_source
8.5
ibmsecurity_appscan_source
8.5.0.1
ibmspss_data_collection
6.0
ibmspss_data_collection
6.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg21596690
http://www.ibm.com/support/docview.wss?uid=swg21598423
https://exchange.xforce.ibmcloud.com/vulnerabilities/74833
http://www.ibm.com/support/docview.wss?uid=swg21596690
http://www.ibm.com/support/docview.wss?uid=swg21598423
https://exchange.xforce.ibmcloud.com/vulnerabilities/74833