CVE-2016-0280

Published: Aug 8, 2016Modified: May 6, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected (9)

Products: Ibm: Information Server Framework, Infosphere Information Governance Catalog, Infosphere Information Server Business Glossary

Ibm

3 products

Information Server Framework

Infosphere Information Governance Catalog

Infosphere Information Server Business Glossary

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Ibm Information Server Framework	Version 11.3
Ibm Information Server Framework	Version 11.5
Ibm Information Server Framework	Version 8.5
Ibm Information Server Framework	Version 8.7
Ibm Information Server Framework	Version 9.1
Ibm Infosphere Information Governance Catalog	Version 11.3
Ibm Infosphere Information Governance Catalog	Version 11.5
Ibm Infosphere Information Server Business Glossary	Version 8.7
Ibm Infosphere Information Server Business Glossary	Version 9.1