CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-0350

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.9%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

Products affected by CVE-2016-0350

Ibm » Jazz Reporting Service » Version: 5.0

cpe:2.3:a:ibm:jazz_reporting_service:5.0
Ibm » Jazz Reporting Service » Version: 5.0.1

cpe:2.3:a:ibm:jazz_reporting_service:5.0.1
Ibm » Jazz Reporting Service » Version: 5.0.2

cpe:2.3:a:ibm:jazz_reporting_service:5.0.2
Ibm » Jazz Reporting Service » Version: 6.0

cpe:2.3:a:ibm:jazz_reporting_service:6.0
Ibm » Jazz Reporting Service » Version: 6.0.1

cpe:2.3:a:ibm:jazz_reporting_service:6.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-0350

Products

Pricing

Contact Us