Info

Last Modified

about 1 year ago

Percent Complete

25%

Disclosure

Oct 30, 2007

Discovery

Oct 11, 2007

Dates

Exploit

Oct 30, 2007

Solution

Unknown

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

IZ06387

Description

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Available
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Technical

An attacker must supply valid user authentication credentials in order to exploit this vulnerability.

Products

Unknown or Incomplete

References

CVE ID: 2007-5949 (see also: NVD)
Bugtraq ID: 26305
Secunia Advisory ID: 27472
ISS X-Force ID: 38214
FrSIRT Advisory: ADV-2007-3709
Vendor Specific Advisory URL: http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06387
Keyword: IZ06387

Manual Testing Notes

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches