XSS in Ibm Infosphere_information_server

CVE-2014-3071

Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (55.4th percentile) — read the EPSS interpretation.

Affected products

Ibm Infosphere_information_server — versions 11.3
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

68781 (vdb-entry, x_refsource_BID)
ibm-infosphere-cve20143071-xss(93786) (vdb-entry, x_refsource_XF)
JR50453 (vendor-advisory, x_refsource_AIXAPAR, Vendor Advisory)
59267 (x_refsource_SECUNIA, third-party-advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)