CVE-2011-4819: XSS
First published: Tue Mar 13 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Maximo Asset Management Essentials | =6.2 | |
| IBM Maximo Asset Management | =7.5 | |
| Ibm Maximo Asset Management Essentials | =7.5 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =6.2 | |
| Ibm Maximo Asset Management Essentials | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- vendor/ibm
- canonical/ibm maximo asset management essentials
- version/ibm maximo asset management essentials/6.2
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.5
- version/ibm maximo asset management essentials/7.5
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/6.2
- version/ibm maximo asset management essentials/7.1