Skip to content

CVE-2014-0825

Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.

View on NVD

Severity

N/A

EPSS

Probability of exploitation (next 30 days): 0.0019 (0.2%)
Percentile: 40.2%
EPSS: 2026-05-06

Affects

ibm:change_and_configuration_management_databaseibm:maximo_service_deskibm:tivoli_it_asset_management_for_itibm:tivoli_service_request_manageribm:smartcloud_control_deskibm:maximo_asset_management

Technical description

Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.

Published: 5/26/2014, 4:55:03 PM
Last modified: 5/6/2026, 10:30:45 PM

References

HomeEventsBlogResourcesTeam