CVE-2016-3003: XSS
First published: Mon Sep 26 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Connections Portlets | =4.0.0.0 | |
| IBM Connections Portlets | =4.5.0.0 | |
| IBM Connections Portlets | =5.0.0.0 | |
| IBM Connections Portlets | =5.5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3003?
CVE-2016-3003 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2016-3003?
To fix CVE-2016-3003, update to the latest version of IBM Connections that addresses this vulnerability.
Who is affected by CVE-2016-3003?
CVE-2016-3003 affects IBM Connections versions 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1.
What type of vulnerability is CVE-2016-3003?
CVE-2016-3003 is a cross-site scripting (XSS) vulnerability allowing remote authenticated users to inject web scripts or HTML.
When was CVE-2016-3003 disclosed?
CVE-2016-3003 was disclosed in 2016.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/softwarecombine
- agent/weakness
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm connections portlets
- version/ibm connections portlets/4.0.0.0
- version/ibm connections portlets/4.5.0.0
- version/ibm connections portlets/5.0.0.0
- version/ibm connections portlets/5.5.0.0