{"api_version":"1","generated_at":"2026-05-02T02:01:21+00:00","cve":"CVE-2012-0696","urls":{"html":"https://cve.report/CVE-2012-0696","api":"https://cve.report/api/cve/CVE-2012-0696.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-0696","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-0696"},"summary":{"title":"CVE-2012-0696","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.","state":"PUBLISHED","assigner":"mitre","published_at":"2012-01-13 04:14:39","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/47487","name":"http://secunia.com/advisories/47487","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1026491","name":"http://securitytracker.com/id?1026491","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM Cognos Input Validation Flaw in Executive Viewer Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/78217","name":"http://www.osvdb.org/78217","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72198","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72198","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/51326","name":"http://www.securityfocus.com/bid/51326","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM Cognos TM1 Executive Viewer Multiple Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/78216","name":"http://www.osvdb.org/78216","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682","name":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"IBM PM26682: CLIENT: A security scan reveals cross site script vulnerability in Executive Viewer","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-0696","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0696","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"696","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"cognos_executive_viewer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"696","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"cognos_tm1","cpe6":"9.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"696","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"cognos_tm1","cpe6":"9.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"696","vulnerable":"1","versionEndIncluding":"9.4.1.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"cognos_tm1","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T18:30:53.999Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"78217","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/78217"},{"name":"PM26682","tags":["vendor-advisory","x_refsource_AIXAPAR","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682"},{"name":"1026491","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1026491"},{"name":"cevtm1-aspnetclient-createcontrol-xss(72198)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72198"},{"name":"78216","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/78216"},{"name":"47487","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/47487"},{"name":"51326","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/51326"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-01-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"78217","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/78217"},{"name":"PM26682","tags":["vendor-advisory","x_refsource_AIXAPAR"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682"},{"name":"1026491","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1026491"},{"name":"cevtm1-aspnetclient-createcontrol-xss(72198)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72198"},{"name":"78216","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/78216"},{"name":"47487","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/47487"},{"name":"51326","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/51326"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-0696","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"78217","refsource":"OSVDB","url":"http://www.osvdb.org/78217"},{"name":"PM26682","refsource":"AIXAPAR","url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682"},{"name":"1026491","refsource":"SECTRACK","url":"http://securitytracker.com/id?1026491"},{"name":"cevtm1-aspnetclient-createcontrol-xss(72198)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72198"},{"name":"78216","refsource":"OSVDB","url":"http://www.osvdb.org/78216"},{"name":"47487","refsource":"SECUNIA","url":"http://secunia.com/advisories/47487"},{"name":"51326","refsource":"BID","url":"http://www.securityfocus.com/bid/51326"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2012-0696","datePublished":"2012-01-13T02:00:00.000Z","dateReserved":"2012-01-12T00:00:00.000Z","dateUpdated":"2024-08-06T18:30:53.999Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2012-01-13 04:14:39","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_executive_viewer:*:*:*:*:*:*:*:*","matchCriteriaId":"73BBE818-E7D4-4DE3-A60A-3E16493B762E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_tm1:*:*:*:*:*:*:*:*","versionEndIncluding":"9.4.1.3","matchCriteriaId":"764043E6-F81F-41C3-8862-EBC7FA29AB9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_tm1:9.4.0:*:*:*:*:*:*:*","matchCriteriaId":"285E738C-B037-4D91-B95D-3165A00D2977"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_tm1:9.4.1:*:*:*:*:*:*:*","matchCriteriaId":"6CDFEB23-5AD7-45D8-A7A0-7CB58715FE42"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"696","Ordinal":"1","Title":"CVE-2012-0696","CVE":"CVE-2012-0696","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"696","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.","Type":"Description","Title":"CVE-2012-0696"},{"CveYear":"2012","CveId":"696","Ordinal":"2","NoteData":"2012-01-12","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"696","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}