PT-2009-5576 · Ibm · Ibm Tivoli Identity Manager
Published
2009-09-18
·
Updated
2009-09-21
·
CVE-2009-3262
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Identity Manager version 5.0.0.5
Description
A cross-site scripting (XSS) issue exists in the Self Service UI (SSUI) of IBM Tivoli Identity Manager, allowing remote authenticated users to inject arbitrary web script or HTML via the
last name field in a profile.Recommendations
For IBM Tivoli Identity Manager version 5.0.0.5, consider restricting input for the
last name field to prevent injection of malicious scripts until a fix is available.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Tivoli Identity Manager