XSS in Ibm Tivoli_identity_manager
CVE-2009-3262
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.008 (53.0th percentile) — read the EPSS interpretation.
Affected products
- Ibm Tivoli_identity_manager — versions 5.0.0.5
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (vendor-advisory, Patch, Vendor Advisory, x_refsource_AIXAPAR)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)