CVE-2016-0255

Published: May 5, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.

Affected (4)

Products: Ibm: Marketing Platform

1 product

Marketing Platform

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Marketing Platform	Version 10.0
Ibm Marketing Platform	Version 9.1.1
Ibm Marketing Platform	Version 9.1.2
Ibm Marketing Platform	Version 9.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.ibm.com/support/docview.wss?uid=swg22001950

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/98336

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www.ibm.com/support/docview.wss?uid=swg22001950

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/98336

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.