Skip to main content

Openpages Grc Platform CVE-2016-3049

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-10-24 psirt@us.ibm.com
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 24, 2017 - 21:29 cve.org
MEDIUM 5.4

DescriptionCVE.org

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712.

AnalysisAI

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712. Affected products include: Ibm Openpages Grc Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-1300 HIGH
8.8 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker t

CVE-2015-0145 MEDIUM
6.8 Oct 03

Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5,

CVE-2024-35151 MEDIUM
6.5 Aug 22

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper a

CVE-2017-1290 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2017-1147 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2016-3048 MEDIUM
5.4 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2015-5049 MEDIUM
5.4 Jan 01

SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 a

CVE-2017-1148 MEDIUM
5.3 Nov 01

IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain se

CVE-2017-1333 MEDIUM
5.3 Nov 01

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about t

CVE-2014-3011 MEDIUM
5.0 Jun 27

IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified

CVE-2024-27257 MEDIUM
4.3 Sep 10

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source

CVE-2015-0142 MEDIUM
4.0 Oct 03

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote au

Share

CVE-2016-3049 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy