Description
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Affected products
- IBM Corporation / Cognos Business Intelligence10 – 10
- IBM Corporation / Cognos Business Intelligence8.3.0 – 8.3.0
- IBM Corporation / Cognos Business Intelligence8.4.1 – 8.4.1
- IBM Corporation / Cognos Business Intelligence8.4 – 8.4
- IBM Corporation / Cognos Business Intelligence10.1 – 10.1
- IBM Corporation / Cognos Business Intelligence10.1.1 – 10.1.1
- IBM Corporation / Cognos Business Intelligence10.2 – 10.2
- IBM Corporation / Cognos Business Intelligence10.2.1 – 10.2.1
- IBM Corporation / Cognos Business Intelligence10.2.1.1 – 10.2.1.1
- IBM Corporation / Cognos Business Intelligence10.2.2 – 10.2.2
- IBM Corporation / Cognos Business Intelligence2 – 2