Unrated severityNVD Advisory· Published Jan 13, 2012· Updated Apr 29, 2026

CVE-2012-0696

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.

Affected products

IBM/Cognos Executive Viewer
cpe:2.3:a:ibm:cognos_executive_viewer:*:*:*:*:*:*:*:*
IBM/Cognos Tm13 versions
cpe:2.3:a:ibm:cognos_tm1:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:cognos_tm1:*:*:*:*:*:*:*:*range: <=9.4.1.3
- cpe:2.3:a:ibm:cognos_tm1:9.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:cognos_tm1:9.4.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/47487nvdVendor Advisory
www-01.ibm.com/support/docview.wssnvdVendor Advisory
securitytracker.com/idnvd
www.osvdb.org/78216nvd
www.osvdb.org/78217nvd
www.securityfocus.com/bid/51326nvd
exchange.xforce.ibmcloud.com/vulnerabilities/72198nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000