CVE-2023-28530 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2023-28530
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251214 https://security.netapp.com/advisory/ntap-20230814-0005 https://www.ibm.com/support/pages/node/7012621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-25929 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2023-25929
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247861 https://security.netapp.com/advisory/ntap-20230814-0005 https://www.ibm.com/support/pages/node/7012621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-28953 – IBM Cognos Analytics on Cloud Pak for Data improper access control
https://notcve.org/view.php?id=CVE-2023-28953
IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251465 https://security.netapp.com/advisory/ntap-20230814-0001 https://www.ibm.com/support/pages/node/7006413 •
CVE-2021-39036 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2021-39036
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213966 https://www.ibm.com/support/pages/node/6986505 https://security.netapp.com/advisory/ntap-20230622-0003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-39160 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2022-39160
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235064 https://www.ibm.com/support/pages/node/6841801 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •