CVE-2020-4916

January 5, 2021

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.

Summary:

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.

PoC / Reference Links(if available):

https://exchange.xforce.ibmcloud.com/vulnerabilities/191390

CVSSv2 and CVSSv3 Score

v2: 3.5 / LOW
v3: 4.8 / MEDIUM

Links to patches(if available)

Tags: , , ,

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: rxss-in-hidden-parameter-hassan-sheet

April 23, 2024
hackerone

HackerOne Bug Bounty Disclosure: jira-credential-disclosure-within-mozilla-slack-griffinf

April 23, 2024
CISA Logo

CISA: CISA Releases Two Industrial Control Systems Advisories

April 23, 2024
cybersecurity

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

April 23, 2024
image

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

April 23, 2024