Medium severity5.4NVD Advisory· Published Jul 8, 2016· Updated Jun 17, 2026
CVE-2016-2888
CVE-2016-2888
Description
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:ibm:jazz_reporting_service:5.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:ibm:jazz_reporting_service:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:jazz_reporting_service:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:jazz_reporting_service:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*
- (no CPE)range: <5.0.2 ifix016, <6.0.1 ifix005
Patches
Vulnerability mechanics
References
1- www-01.ibm.com/support/docview.wssnvdVendor Advisory
News mentions
0No linked articles in our index yet.