Show plain JSON{"id": "CVE-2013-0477", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-02-21T01:55:02.140", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624952", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81481", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624952", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81481", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allow remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en IBM InfoSphere Master Data Management - Collaborative Edition v10.0 y v10.1 antes de FP1 y InfoSphere Master Server Gesti\u00f3n de Datos de Informaci\u00f3n de Gesti\u00f3n de Productos v6.0, v9.0, v9.1 y permitir a usuarios remotos autenticados inyectar contenido, y llevar a cabo ataques de phising, a trav\u00e9s de vectores sin especificar."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E154774-95DA-426D-BF57-0E974999BBDE"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "756BE2CB-8A97-40EE-A5E9-BD9F70D69D6C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "492470D9-A7BD-4D9B-8C13-F0F71C991355"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "255039A5-70E0-4C50-A34E-8CDC3AFAAD50"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70B31406-D67C-4574-914F-49794A437D5D"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}