CVE-2016-2954: XSS
First published: Thu Sep 01 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Connections Portlets | =5.0.0.0 | |
| IBM Connections Portlets | =5.5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2954?
CVE-2016-2954 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2016-2954?
To fix CVE-2016-2954, upgrade IBM Connections to version 5.0 CR4 or 5.5 CR1 or later.
Who is affected by CVE-2016-2954?
CVE-2016-2954 affects IBM Connections versions prior to 5.0 CR4 and 5.5 CR1.
What are the potential risks of CVE-2016-2954?
The risks of CVE-2016-2954 include unauthorized access and the ability for attackers to inject malicious scripts.
Can CVE-2016-2954 be exploited remotely?
Yes, CVE-2016-2954 can be exploited by remote authenticated users to inject arbitrary web scripts.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/weakness
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm connections portlets
- version/ibm connections portlets/5.0.0.0
- version/ibm connections portlets/5.5.0.0