CVE-2016-0265

Summary

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationCampaign7.0affected
IBM CorporationCampaign7.1affected
IBM CorporationCampaign7.2affected
IBM CorporationCampaign7.3affected
IBM CorporationCampaign7.4affected
IBM CorporationCampaign7.5affected
IBM CorporationCampaign8.1affected
IBM CorporationCampaign8.2affected
IBM CorporationCampaign8.3affected
IBM CorporationCampaign8.4affected
IBM CorporationCampaign8.5affected
IBM CorporationCampaign8.6affected
IBM CorporationCampaign9.0affected
IBM CorporationCampaign9.1affected
IBM CorporationCampaign8.0affected
IBM CorporationCampaign7.6affected
IBM CorporationCampaign9.1.1affected
IBM CorporationCampaign9.1.2affected
IBM CorporationCampaign10.0affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References