漏洞描述
IBM Cognos Analytics是美国国际商业机器(IBM)公司的一套商业智能软件。该软件包括报表、仪表板和记分卡等,并可通过分析关键因素与关键人等内容,协助企业调整决策。 IBM Cognos Analytics 12.0.0至12.0.3版本和11.2.0至11.2.4 FP3版本存在跨站脚本漏洞,该漏洞源于列标题验证不正确,导致远程攻击者会执行恶意命令。
IBM Cognos Analytics 跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-14651: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
- POC CVE-2017-18556: Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting
- POC CVE-2022-24637: Open Web Analytics 1.7.3 - Remote Code Execution
- POC CVE-2022-43769: Hitachi Pentaho Business Analytics Server - Remote Code Execution
- POC CVE-2023-0630: Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection
- POC CVE-2023-34124: SonicWall GMS and Analytics Web Services - Shell Injection
- POC CVE-2024-0250: Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
- POC azure-synapse-sqlpool-tde-disabled: Azure Synapse Analytics SQL Pool Transparent Data Encryption Not Enabled
- POC google-analytics-csp-bypass: Content-Security-Policy Bypass - Google Analytics
- POC tiktok-analytics-csp-bypass: Content-Security-Policy Bypass - TikTok Analytics
- POC CVE-2022-43939: Hitachi Pentaho Business Analytics Server - Bypass Authorization
- POC CVE-2023-34133: SonicWall GMS and Analytics - SQL Injection
- POC open-web-analytics-installer: Open Web Analytics Installer - Exposure