CVE-2016-3006

EUVD-2016-4079
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
ibmconnections
4.0.0.0
ibmconnections
4.5.0.0
ibmconnections
5.0.0.0
ibmconnections
5.5.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962
http://www.securityfocus.com/bid/93167
https://www-01.ibm.com/support/docview.wss?uid=swg21989067
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962
http://www.securityfocus.com/bid/93167
https://www-01.ibm.com/support/docview.wss?uid=swg21989067