PT-2019-7906 · Ibm · Ibm Bigfix Compliance

Publicado

2019-02-05

Atualizado

2019-10-09

CVE-2017-1202

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions IBM BigFix Compliance versions 1.7 through 1.9.91

Description The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. This is due to an HTML injection flaw.

Recommendations For IBM BigFix Compliance versions 1.7 through 1.9.91, update to a version that is not affected by this issue to prevent HTML injection attacks.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2017-1202

Produtos afetados

Ibm Bigfix Compliance

PT-2019-7906 · Ibm · Ibm Bigfix Compliance

CVE-2017-1202

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4