Vulnerability Details CVE-2023-32332
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.3%
CVSS Severity
CVSS v3 Score 5.4
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/255072
- https://www.ibm.com/support/pages/node/7030367
- https://www.ibm.com/support/pages/node/7030926
- https://exchange.xforce.ibmcloud.com/vulnerabilities/255072
- https://www.ibm.com/support/pages/node/7030367
- https://www.ibm.com/support/pages/node/7030926
Products affected by CVE-2023-32332
-
cpe:2.3:a:ibm:maximo_application_suite:8.10
-
cpe:2.3:a:ibm:maximo_application_suite:8.9
-
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2
-
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3