Skip to main content

Campaign CVE-2016-0265

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-02-01 psirt@us.ibm.com
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 01, 2017 - 20:59 cve.org
MEDIUM 5.4

DescriptionCVE.org

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

AnalysisAI

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. Affected products include: Ibm Campaign.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2026-48303 CRITICAL
10.0 Jun 09

Remote code execution in Adobe Campaign Classic (ACC) version 7.4.3 build 9394 and earlier allows unauthenticated networ

CVE-2017-2989 CRITICAL
9.1 Apr 12

Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, o

CVE-2019-7850 CRITICAL
9.8 Jul 18

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Rated critical

CVE-2017-2968 CRITICAL
9.1 Feb 15

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. Rated critical severity (CVSS 9

CVE-2018-1941 HIGH
7.8 Dec 05

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating

CVE-2021-40745 HIGH
7.5 Nov 17

Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arb

CVE-2019-7941 HIGH
7.5 Jul 18

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message v

CVE-2019-7848 HIGH
7.5 Jul 18

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Rated

CVE-2019-7847 HIGH
7.5 Jul 18

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Ref

CVE-2019-7846 HIGH
7.5 Jul 18

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Rated hi

CVE-2019-7843 HIGH
7.5 Jul 18

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Ra

CVE-2022-42343 MEDIUM
6.5 Dec 16

Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF)

Share

CVE-2016-0265 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy