Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ibm |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2014-0854 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2024-08-06T09:27:20.078Z
Reserved: 2014-01-06T00:00:00
Link: CVE-2014-0824
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2014-05-26T16:55:03.067
Modified: 2025-04-12T10:46:40.837
Link: CVE-2014-0824
Redhat
No data.
OpenCVE Enrichment
No data.