Title: IBM Tivoli Storage Manager (TSM) Client CAD Service XSS
Oct 29, 2007
IBM Tivoli Storage Manager (TSM) Client contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the CAD Service does not validate unspecified input upon submission to dsmerror.log. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server when e.g. viewing the log file via the web-based interface using the "FILE" functionality of the CAD service.
Remote / Network Access
Loss of Integrity
No Vendor Action
OSVDB is not currently aware of a solution for this vulnerability.