IBM Informix Dynamic Server HTML Injection Vulnerability

Vulnerability

An HTML injection vulnerability has been identified in IBM Informix Dynamic Server versions 12.10.x and 14.10. The application accepts HTML scripts in certain fields, and that content can be executed in the context of the user's web browser when the field is viewed. The vulnerability is session-specific and does not affect other users.

Impact

Exploitation of this vulnerability allows for HTML injection, where injected HTML is executed in the context of the victim's web browser.

Remediation

A fix for this vulnerability has been released in IBM Informix HQ versions 12.10.xC16W2, 14.10.xC11W1, and Informix HQ version 3.0.0. Users can download the latest fixes from IBM Fix Central. Follow the instructions for database server upgrades in the Informix Servers documentation.

Added: Jul 28, 2025, 4:19 PM
Updated: Jul 28, 2025, 4:19 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.7
exploitability: 4.6
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.