MEDIUM🇬🇧 English

CVE-2025-36352

CVSS 6.4v3.1pub. 2025-09-29upd. 2025-10-03

IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
  • IBM License Metric Tool

    APP
    Ibm
    < 9.2.41
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2016-8964CRITICAL9.8ten sam produkt

IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to b...

CVE-2016-8980HIGH8.1ten sam produkt

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE)...

CVE-2025-36351MEDIUM4.3ten sam produkt

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in ...

CVE-2023-43044MEDIUM5.3ten sam produkt

IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker c...

CVE-2016-8961MEDIUM6.1ten sam produkt

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect atta...