PatchSiren cyber security CVE debrief
CVE-2016-6125 IBM CVE debrief
CVE-2016-6125 is a cross-site scripting issue in IBM Kenexa LMS on Cloud affecting versions 13.1 and 13.2 through 13.2.4. NVD describes the issue as allowing users to embed arbitrary JavaScript in the Web UI, which can alter application behavior and may expose credentials within a trusted session. The CVSS v3.0 score is 5.4 (Medium).
- Vendor: IBM
- Product: CVE-2016-6125
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-01
- Advisory updated: 2026-05-13
Who should care
Administrators and security owners responsible for IBM Kenexa LMS on Cloud deployments, especially environments where users can interact with the Web UI and where browser sessions carry sensitive access.
Technical summary
NVD classifies the weakness as CWE-79 and lists the CVSS v3.0 vector as AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. That means the issue is remotely reachable, requires low privileges and user interaction, changes scope, and can impact confidentiality and integrity at a limited level without affecting availability. The vulnerable product coverage in the NVD record includes IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, and 13.2.4.
Defensive priority
Medium. The issue is exploitable only with user interaction and low privileges, but it can still affect trusted browser sessions and potentially disclose credentials. Prioritize if the application is internet-facing or used by many authenticated users.
Recommended defensive actions
- Review the IBM PSIRT advisory referenced by NVD for vendor remediation guidance.
- Update or remediate any affected IBM Kenexa LMS on Cloud deployments listed in the NVD record: 13.1, 13.2, 13.2.2, 13.2.3, and 13.2.4.
- Audit the Web UI for unescaped user-controlled content and validate that server-side and client-side output encoding is consistently applied.
- Use session hardening measures such as secure cookie handling and shorter session lifetimes where appropriate.
- Monitor for suspicious browser-side behavior or unexpected script injection reports from users.
- Confirm whether any compensating controls, such as content security policy, are available and practical in the deployment.
Evidence notes
All factual statements are drawn from the supplied NVD record and its references. The NVD entry identifies IBM Kenexa LMS on Cloud as vulnerable, classifies the weakness as CWE-79, provides the CVSS v3.0 vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, and lists the affected versions. NVD also references an IBM vendor advisory and a SecurityFocus third-party advisory. No exploit details are included.
Official resources
- CVE-2016-6125 CVE record (CVE.org)
- CVE-2016-6125 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Vendor Advisory
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
Publicly disclosed in the CVE/NVD record on 2017-02-01T20:59:02.567Z. The supplied corpus shows a later record modification on 2026-05-13T00:24:29.033Z; that is a database update time, not the original issue date. No Known Exploited Vulners