1 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  91163. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 hasta 7R7.3.5, 7R7.7.0 hasta SP3 y 7R7.8.0 anterior al SP1 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el nombre de usuario en la pantalla de inicio de sesión. IBM X-Force ID: 91163. • https://exchange.xforce.ibmcloud.com/vulnerabilities/91163 https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •