CVE-2012-4836

medium

Description

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/78918

http://www-01.ibm.com/support/docview.wss?uid=swg24034373

http://www-01.ibm.com/support/docview.wss?uid=swg21626697

Details

Source: Mitre, NVD

Published: 2013-03-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00188