IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the user views the output HTML file.
An arbitrary script may be executed on the user's web browser when the user views the report. An arbitrary file in a client PC could be viewed depending on the content of the script.
Update the Software
Update the software to the latest version according to the information released by the vendor.
For more information, refer to the vendor's website.
## Products Affected