XSS in IBM Tivoli Identity Manager

CVE-2009-3262

Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (53.0th percentile)

Affected products

Weakness classification (CWE)
