CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0217
https://notcve.org/view.php?id=CVE-2016-0217
01 Feb 2017 — IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM Cognos Business Intelli... • http://www.ibm.com/support/docview.wss?uid=swg21996417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-0398 – IBM Cognos 11.0 Content Spoofing
https://notcve.org/view.php?id=CVE-2016-0398
03 Jun 2016 — IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL. IBM Cognos Analytics (CA) 11.0 en versiones anteriores a 11.0.2 permite a atacantes remotos llevar a cabo ataques de suplantación de contenido a través de una URL manipulada. IBM Cognos version 11.0 suffers from a content spoofing vulnerability. • https://packetstorm.news/files/id/137306 • CWE-20: Improper Input Validation •