CVE-2014-0914 Information

Description

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.

Reference

http://secunia.com/advisories/59570
http://secunia.com/advisories/59640
http://www.securityfocus.com/archive/1/533110/100/0/threaded
http://www.securityfocus.com/bid/68839
http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679
http://www-01.ibm.com/support/docview.wss?uid=swg21678885
https://exchange.xforce.ibmcloud.com/vulnerabilities/91883
