Vulnerability Details CVE-2014-8893
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.0%
CVSS Severity
CVSS v2 Score 3.5
References
- http://secunia.com/advisories/62674
- http://www-01.ibm.com/support/docview.wss?uid=swg21694767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99012
- http://secunia.com/advisories/62674
- http://www-01.ibm.com/support/docview.wss?uid=swg21694767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99012
Products affected by CVE-2014-8893
-
cpe:2.3:a:ibm:tririga_application_platform:3.2.1
-
cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0
-
cpe:2.3:a:ibm:tririga_application_platform:3.3.2.1
-
cpe:2.3:a:ibm:tririga_application_platform:3.3.2.2
-
cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0
-
cpe:2.3:a:ibm:tririga_application_platform:3.4.0.1
-
cpe:2.3:a:ibm:tririga_application_platform:3.4.1.0