XSS in Ibm Cognos_business_intelligence

CVE-2013-0586

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (37.5th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_business_intelligence — versions 8.4.1, 10.1, 10.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
cognosbi-cve20130586-xss(83380) (vdb-entry, x_refsource_XF)