Medium severity5.4NVD Advisory· Published Mar 31, 2017· Updated Jun 17, 2026

CVE-2016-8935

Description

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

IBM/Kenexa Lms6 versions
cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*
IBM/Kenexa LMS on Cloudllm-create
Range: 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0
IBM Corporation/Kenexa LMS on Cloudv5
Range: 13.0

Patches

Vulnerability mechanics

References

www.ibm.com/support/docview.wssnvdPatchVendor Advisory
www.securityfocus.com/bid/97077nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000