XSS in Ibm Cognos_business_intelligence

CVE-2014-6145

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitr…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (37.5th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_business_intelligence — versions 10.1, 10.1.1, 10.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
ibm-cognos-cve20146145-xss(96915) (vdb-entry, x_refsource_XF)