Vulnerability Details CVE-2013-6745
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.4%
CVSS Severity
CVSS v2 Score 3.5
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21660569
- http://www.securityfocus.com/bid/64475
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89861
- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_access_manager_for_enterprise_single_sign_on_cross_site_scripting_vulnerability_cve_2013_6745?lang=en_us
- http://www-01.ibm.com/support/docview.wss?uid=swg21660569
- http://www.securityfocus.com/bid/64475
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89861
- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_access_manager_for_enterprise_single_sign_on_cross_site_scripting_vulnerability_cve_2013_6745?lang=en_us
Products affected by CVE-2013-6745
-
cpe:2.3:a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2