CVE-2016-0265

Published: Feb 1, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Affected (4)

Products: Ibm: Campaign

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Campaign	Version 8.6
Ibm Campaign	Version 9.1.1
Ibm Campaign	Version 9.1.2
Ibm Campaign	Version 9.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.ibm.com/support/docview.wss?uid=swg21986033

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/95100

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www.ibm.com/support/docview.wss?uid=swg21986033

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/95100

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.