XSS in Ibm Security_directory_server

CVE-2014-6100

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (40.5th percentile) — read the EPSS interpretation.

Affected products

Ibm Security_directory_server — versions 6.3.1, 6.3.1.1, 6.3.1.2
Ibm Tivoli_directory_server — versions 6.1.0, 6.1.0.0, 6.1.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

ibm-sds-cve20146100-xss(96005) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
61061 (x_refsource_SECUNIA, third-party-advisory)