Unrated severityNVD Advisory· Published Apr 23, 2013· Updated Jun 16, 2026
CVE-2012-5949
CVE-2012-5949
Description
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp.
Affected products
10cpe:2.3:a:ibm:tririga_application_platform:2.1:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:ibm:tririga_application_platform:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:8.0:*:*:*:*:*:*:*
- (no CPE)range: 2.x, 3.x < 3.3, 8
Patches
Vulnerability mechanics
References
3- www-01.ibm.com/support/docview.wssnvdVendor Advisory
- www-01.ibm.com/support/docview.wssnvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/80629nvd
News mentions
0No linked articles in our index yet.