CVE-2016-3003

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
ibmconnections
4.0.0.0
ibmconnections
4.5.0.0
ibmconnections
5.0.0.0
ibmconnections
5.5.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962
http://www.securityfocus.com/bid/93161
https://www-01.ibm.com/support/docview.wss?uid=swg21989067
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962
http://www.securityfocus.com/bid/93161
https://www-01.ibm.com/support/docview.wss?uid=swg21989067