IBM Cúram Social Program Management CVE-2018-1900 Cross Site Scripting Vulnerability
BID:106189
CVE-2018-1900 |Info
IBM Cúram Social Program Management CVE-2018-1900 Cross Site Scripting Vulnerability
| Bugtraq ID: | 106189 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1900 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 06 2018 12:00AM |
| Updated: | Dec 06 2018 12:00AM |
| Credit: | IBM |
| Vulnerable: |
IBM Cúram Social Program Management 7.0.4.0 IBM Cúram Social Program Management 7.0.2.0 IBM Cúram Social Program Management 7.0.1.0 IBM Cúram Social Program Management 7.0.0.0 IBM Cúram Social Program Management 6.2.0.6 IBM Cúram Social Program Management 6.2.0.0 IBM Cúram Social Program Management 6.1.1.6 IBM Cúram Social Program Management 6.1.1.5 IBM Cúram Social Program Management 6.1.1.4 IBM Cúram Social Program Management 6.1.1.3 IBM Cúram Social Program Management 6.1.1.2 IBM Cúram Social Program Management 6.1.1.1 IBM Cúram Social Program Management 6.1.1.0 IBM Cúram Social Program Management 6.1.0.0 IBM Cúram Social Program Management 6.0.5.9 IBM Cúram Social Program Management 6.0.5.8 IBM Cúram Social Program Management 6.0.5.7 IBM Cúram Social Program Management 6.0.5.6 IBM Cúram Social Program Management 6.0.5.5 IBM Cúram Social Program Management 6.0.5.4 IBM Cúram Social Program Management 6.0.5.3 IBM Cúram Social Program Management 6.0.5.2 IBM Cúram Social Program Management 6.0.5.10 IBM Cúram Social Program Management 6.0.5.0 |
| Not Vulnerable: |
IBM Cúram Social Program Management 7.0.4.0 iFix1 IBM Cúram Social Program Management 7.0.1.3 IBM Cúram Social Program Management 6.2.0.6 iFIX2 IBM Cúram Social Program Management 6.1.1.6 iFix2 IBM Cúram Social Program Management 6.0.5.10 iFix4 |
Discussion
IBM Cúram Social Program Management CVE-2018-1900 Cross Site Scripting Vulnerability
IBM Cúram Social Program Management is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products are affected:
IBM Cúram Social Program Management 7.0.2.0 through 7.0.4.0
IBM Cúram Social Program Management 7.0.0.0 through 7.0.1.0
IBM Cúram Social Program Management 6.1.0.0 through 6.1.1.6
IBM Cúram Social Program Management 6.0.5.0 through 6.0.5.10
IBM Cúram Social Program Management is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products are affected:
IBM Cúram Social Program Management 7.0.2.0 through 7.0.4.0
IBM Cúram Social Program Management 7.0.0.0 through 7.0.1.0
IBM Cúram Social Program Management 6.1.0.0 through 6.1.1.6
IBM Cúram Social Program Management 6.0.5.0 through 6.0.5.10
Exploit / POC
IBM Cúram Social Program Management CVE-2018-1900 Cross Site Scripting Vulnerability
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
Solution / Fix
IBM Cúram Social Program Management CVE-2018-1900 Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
IBM Cúram Social Program Management CVE-2018-1900 Cross Site Scripting Vulnerability
References:
References: