CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-2888

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 4.3

References

Products affected by CVE-2016-2888

Ibm » Jazz Reporting Service » Version: 5.0

cpe:2.3:a:ibm:jazz_reporting_service:5.0
Ibm » Jazz Reporting Service » Version: 5.0.1

cpe:2.3:a:ibm:jazz_reporting_service:5.0.1
Ibm » Jazz Reporting Service » Version: 5.0.2

cpe:2.3:a:ibm:jazz_reporting_service:5.0.2
Ibm » Jazz Reporting Service » Version: 6.0

cpe:2.3:a:ibm:jazz_reporting_service:6.0
Ibm » Jazz Reporting Service » Version: 6.0.1

cpe:2.3:a:ibm:jazz_reporting_service:6.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-2888

Products

Pricing

Contact Us