CVE-2013-4048: XSS
First published: Mon Sep 16 2013(Updated: )
Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving addition of script to a page.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM SPSS Analytical Decision Management | =6.1.0.0 | |
| IBM SPSS Analytical Decision Management | =6.2.0.0 | |
| IBM SPSS Analytical Decision Management | =7.0.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-4048?
CVE-2013-4048 has a medium severity rating due to its potential for cross-site scripting exploits.
How do I fix CVE-2013-4048?
To fix CVE-2013-4048, upgrade IBM SPSS Analytical Decision Management to version 6.1 IF1, 6.2 IF1, or 7.0 FP1 IF6 or later.
Who is affected by CVE-2013-4048?
CVE-2013-4048 affects IBM SPSS Analytical Decision Management versions 6.1.0.0, 6.2.0.0, and 7.0.0.0 before the respective fix packs.
What type of vulnerability is CVE-2013-4048?
CVE-2013-4048 is classified as a cross-site scripting (XSS) vulnerability.
Can CVE-2013-4048 be exploited remotely?
Yes, CVE-2013-4048 can be exploited remotely by authenticated users to inject arbitrary web scripts or HTML.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/ibm
- canonical/ibm spss analytical decision management
- version/ibm spss analytical decision management/6.1.0.0
- version/ibm spss analytical decision management/6.2.0.0
- version/ibm spss analytical decision management/7.0.0.0