XSS in Ibm Tivoli_access_manager_for_e-business

CVE-2010-4120

Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.071 (91.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Tivoli_access_manager_for_e-business — versions 6.1.1, 6.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

68892 (x_refsource_OSVDB, vdb-entry)
68891 (x_refsource_OSVDB, vdb-entry)
68885 (x_refsource_OSVDB, vdb-entry)
ADV-2010-2774 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
IZ84918 (vendor-advisory, Exploit, x_refsource_AIXAPAR, Vendor Advisory)
68890 (x_refsource_OSVDB, vdb-entry)
68884 (x_refsource_OSVDB, vdb-entry)
68893 (x_refsource_OSVDB, vdb-entry)
tivoli-ebusiness-parm1-xss(62750) (vdb-entry, x_refsource_XF)
44382 (Exploit, vdb-entry, x_refsource_BID)