CVE-2014-0883 – IBM Power Hardware Management Console cross-site scripting
https://notcve.org/view.php?id=CVE-2014-0883
IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 hasta 7R7.3.5, 7R7.7.0 hasta SP3 y 7R7.8.0 anterior al SP1 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el nombre de usuario en la pantalla de inicio de sesión. IBM X-Force ID: 91163. • https://exchange.xforce.ibmcloud.com/vulnerabilities/91163 https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •