CVE-2014-6192: XSS
First published: Mon May 25 2015(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Curam Social Program Management | =6.0-sp2 | |
| IBM Curam Social Program Management | =6.0.4.0 | |
| IBM Curam Social Program Management | =6.0.4.1 | |
| IBM Curam Social Program Management | =6.0.4.2 | |
| IBM Curam Social Program Management | =6.0.4.3 | |
| IBM Curam Social Program Management | =6.0.4.4 | |
| IBM Curam Social Program Management | =6.0.4.5 | |
| IBM Curam Social Program Management | =6.0.5.0 | |
| IBM Curam Social Program Management | =6.0.5.1 | |
| IBM Curam Social Program Management | =6.0.5.2 | |
| IBM Curam Social Program Management | =6.0.5.3 | |
| IBM Curam Social Program Management | =6.0.5.4 | |
| IBM Curam Social Program Management | =6.0.5.5 | |
| IBM Curam Social Program Management | =6.0.5.5a | |
| IBM Curam Social Program Management | =6.0.5.6 | |
| IBM Curam Social Program Management | =6.0.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6192?
CVE-2014-6192 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2014-6192?
To fix CVE-2014-6192, upgrade IBM Curam Social Program Management to a patched version after EP26.
Who is affected by CVE-2014-6192?
CVE-2014-6192 affects remote authenticated users of specific versions of IBM Curam Social Program Management prior to the fixes.
What types of exploitation are possible with CVE-2014-6192?
Exploitation of CVE-2014-6192 could allow attackers to inject arbitrary web scripts or HTML into the application.
Are there any mitigations for CVE-2014-6192?
The best mitigation for CVE-2014-6192 is to apply the recommended patches from IBM for the affected versions.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm curam social program management
- version/ibm curam social program management/6.0-sp2
- version/ibm curam social program management/6.0.4.0
- version/ibm curam social program management/6.0.4.1
- version/ibm curam social program management/6.0.4.2
- version/ibm curam social program management/6.0.4.3
- version/ibm curam social program management/6.0.4.4
- version/ibm curam social program management/6.0.4.5
- version/ibm curam social program management/6.0.5.0
- version/ibm curam social program management/6.0.5.1
- version/ibm curam social program management/6.0.5.2
- version/ibm curam social program management/6.0.5.3
- version/ibm curam social program management/6.0.5.4
- version/ibm curam social program management/6.0.5.5
- version/ibm curam social program management/6.0.5.5a
- version/ibm curam social program management/6.0.5.6
- version/ibm curam social program management/6.0.5.7