Vulnerability Details CVE-2016-0370
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.9%
CVSS Severity
CVSS v3 Score 2.7
CVSS v2 Score 3.5
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO88449
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO88451
- http://www-01.ibm.com/support/docview.wss?uid=swg21988726
- http://www.securityfocus.com/bid/92471
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO88449
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO88451
- http://www-01.ibm.com/support/docview.wss?uid=swg21988726
- http://www.securityfocus.com/bid/92471
Products affected by CVE-2016-0370
-
cpe:2.3:a:ibm:forms_experience_builder:8.5.0.0
-
cpe:2.3:a:ibm:forms_experience_builder:8.5.1.0
-
cpe:2.3:a:ibm:forms_experience_builder:8.5.1.1
-
cpe:2.3:a:ibm:forms_experience_builder:8.6.0.0
-
cpe:2.3:a:ibm:forms_experience_builder:8.6.1
-
cpe:2.3:a:ibm:forms_experience_builder:8.6.1.1
-
cpe:2.3:a:ibm:forms_experience_builder:8.6.2
-
cpe:2.3:a:ibm:forms_experience_builder:8.6.2.1