CVE-2016-8911

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
ibmkenexa_lms_on_cloud
13.1
ibmkenexa_lms_on_cloud
13.2
ibmkenexa_lms_on_cloud
13.2.2
ibmkenexa_lms_on_cloud
13.2.3
ibmkenexa_lms_on_cloud
13.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg21993982
http://www.securityfocus.com/bid/94325
http://www.ibm.com/support/docview.wss?uid=swg21993982
http://www.securityfocus.com/bid/94325