CVE-2016-2956: XSS
First published: Thu Sep 01 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Connections Portlets | =5.0.0.0 | |
| IBM Connections Portlets | =5.5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2956?
CVE-2016-2956 is classified as a medium-severity cross-site scripting vulnerability.
How do I fix CVE-2016-2956?
To fix CVE-2016-2956, update IBM Connections to version 5.0 CR4 or 5.5 CR1 and later.
Who is affected by CVE-2016-2956?
CVE-2016-2956 affects remote authenticated users of IBM Connections 5.0 before CR4 and 5.5 before CR1.
What types of attacks can CVE-2016-2956 facilitate?
CVE-2016-2956 can facilitate cross-site scripting attacks, allowing injection of arbitrary web scripts or HTML.
Is CVE-2016-2956 a unique vulnerability?
Yes, CVE-2016-2956 is a different vulnerability from CVE-2016-2954 and CVE-2016-3008.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/weakness
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm connections portlets
- version/ibm connections portlets/5.0.0.0
- version/ibm connections portlets/5.5.0.0