CVE-2016-9006

Published: Mar 8, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264.

Affected (29)

Products: Ibm: Urbancode Deploy

Ibm

1 product

Urbancode Deploy

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Ibm Urbancode Deploy	Version 6.1.0.1
Ibm Urbancode Deploy	Version 6.1.0.2
Ibm Urbancode Deploy	Version 6.1.0.3
Ibm Urbancode Deploy	Version 6.1.0.4
Ibm Urbancode Deploy	Version 6.1.1.1
Ibm Urbancode Deploy	Version 6.1.1.2
Ibm Urbancode Deploy	Version 6.1.1.3
Ibm Urbancode Deploy	Version 6.1.1.4
Ibm Urbancode Deploy	Version 6.1.1.5
Ibm Urbancode Deploy	Version 6.1.1.6
Ibm Urbancode Deploy	Version 6.1.1.7
Ibm Urbancode Deploy	Version 6.1.1.8
Ibm Urbancode Deploy	Version 6.1.1
Ibm Urbancode Deploy	Version 6.1.2
Ibm Urbancode Deploy	Version 6.1.3.1
Ibm Urbancode Deploy	Version 6.1.3.2
Ibm Urbancode Deploy	Version 6.1.3.3
Ibm Urbancode Deploy	Version 6.1.3
Ibm Urbancode Deploy	Version 6.1
Ibm Urbancode Deploy	Version 6.2.0.0
Ibm Urbancode Deploy	Version 6.2.0.1
Ibm Urbancode Deploy	Version 6.2.0.2
Ibm Urbancode Deploy	Version 6.2.1.1
Ibm Urbancode Deploy	Version 6.2.1.2
Ibm Urbancode Deploy	Version 6.2.1
Ibm Urbancode Deploy	Version 6.2.2.1
Ibm Urbancode Deploy	Version 6.2.2
Ibm Urbancode Deploy	Version 6.2.3.0
Ibm Urbancode Deploy	Version 6.2.3.1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.ibm.com/support/docview.wss?uid=swg2C1000264

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/96757

Source: psirt@us.ibm.com

http://www.ibm.com/support/docview.wss?uid=swg2C1000264

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/96757

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.