cpe:/a:ibm:curam_social_program_management:4.5:sp10 cpe:/a:ibm:curam_social_program_management:5.0 cpe:/a:ibm:curam_social_program_management:5.2:sp1 cpe:/a:ibm:curam_social_program_management:5.2:sp4 cpe:/a:ibm:curam_social_program_management:6.0 cpe:/a:ibm:curam_social_program_management:6.0.3.0 cpe:/a:ibm:curam_social_program_management:6.0.4.0 cpe:/a:ibm:curam_social_program_management:6.0.4.1 cpe:/a:ibm:curam_social_program_management:6.0.4.2 cpe:/a:ibm:curam_social_program_management:6.0.4.3 cpe:/a:ibm:curam_social_program_management:6.0.4.4 cpe:/a:ibm:curam_social_program_management:6.0.4.5 cpe:/a:ibm:curam_social_program_management:6.0.5.0 cpe:/a:ibm:curam_social_program_management:6.0.5.1 cpe:/a:ibm:curam_social_program_management:6.0.5.2 cpe:/a:ibm:curam_social_program_management:6.0.5.3 cpe:/a:ibm:curam_social_program_management:6.0.5.4 CVE-2014-3013 2014-06-18T12:55:07.750-04:00 2017-08-28T21:34:35.343-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2014-06-19T12:59:39.237-04:00 SECUNIA 59259 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21675415 XF ibm-curan-cve20143013-xss(93011) Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.