XSS in Ibm Cognos_executive_viewer

CVE-2012-0696

Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/c…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (64.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_executive_viewer
Ibm Cognos_tm1 — versions 9.4.0, 9.4.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

78217 (x_refsource_OSVDB, vdb-entry)
PM26682 (vendor-advisory, x_refsource_AIXAPAR, Vendor Advisory)
1026491 (vdb-entry, x_refsource_SECTRACK)
cevtm1-aspnetclient-createcontrol-xss(72198) (vdb-entry, x_refsource_XF)
78216 (x_refsource_OSVDB, vdb-entry)
47487 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
51326 (vdb-entry, x_refsource_BID)