IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Security Verify Directory version 10.0.0, which originates from a vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI, which could change the intended functionality and lead to credential disclosure in a trusted session. No details of the vulnerability are available at this time.