IBM Jazz Reporting Service CVE-2017-1750 Cross Site Scripting Vulnerability
BID:104012
CVE-2017-1750 |Info
IBM Jazz Reporting Service CVE-2017-1750 Cross Site Scripting Vulnerability
| Bugtraq ID: | 104012 |
| Class: | Input Validation Error |
| CVE: |
CVE-2017-1750 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2018 12:00AM |
| Updated: | Apr 23 2018 12:00AM |
| Credit: | IBM |
| Vulnerable: |
IBM Jazz Reporting Service 6.0.5 IBM Jazz Reporting Service 6.0.4 IBM Jazz Reporting Service 6.0.3 IBM Jazz Reporting Service 6.0.2 IBM Jazz Reporting Service 6.0.1 IBM Jazz Reporting Service 6.0 IBM Jazz Reporting Service 5.0.2 IBM Jazz Reporting Service 5.0.1 IBM Jazz Reporting Service 5.0 |
| Not Vulnerable: | |
Discussion
IBM Jazz Reporting Service CVE-2017-1750 Cross Site Scripting Vulnerability
IBM Jazz Reporting Service is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
IBM Jazz Reporting Service 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4 and 6.0.5 are vulnerable; other versions may also be affected.
IBM Jazz Reporting Service is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
IBM Jazz Reporting Service 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4 and 6.0.5 are vulnerable; other versions may also be affected.
Exploit / POC
IBM Jazz Reporting Service CVE-2017-1750 Cross Site Scripting Vulnerability
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.