IBM Jazz for Service Management is an integrated service management product from IBM that provides visibility into the service management environment. IBM Jazz for Service Management suffers from a cross-site scripting vulnerability that could be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to alter the intended functionality. This can alter the intended functionality and potentially lead to credential disclosure in trusted sessions.