1. Home
  2. CVE Database
  3. CVE-2015-4971
LOW · 3.5

CVE-2015-4971

Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x befor...

Vulnerability Description

Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS Score

3.5

LOW

AV:N/AC:M/Au:S/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
IbmEmptorissupplier_lifecycle_management
IbmEmptoris Program Management10.0.0.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2015-4971?

CVE-2015-4971 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x befor...

How severe is CVE-2015-4971?

CVE-2015-4971 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4971?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Emptoris, Ibm Emptoris Program Management.