CVE-2016-8935

Summary

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationKenexa LMS on Cloud13.0affected
IBM CorporationKenexa LMS on Cloud13.1affected
IBM CorporationKenexa LMS on Cloud13.2affected
IBM CorporationKenexa LMS on Cloud13.2.2affected
IBM CorporationKenexa LMS on Cloud13.2.3affected
IBM CorporationKenexa LMS on Cloud13.2.4affected
IBM CorporationKenexa LMS on Cloud14.0.0affected
IBM CorporationKenexa LMS on Cloud14.1.0affected
IBM CorporationKenexa LMS on Cloud14.2.0affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References