Cross site scripting

2024-02-0401:15:00

PRIOn knowledge base

www.prio-n.com

ibm

business automation workflow

cross-site scripting

web ui

credentials disclosure

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.4%

JSON

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.

CPENameOperatorVersion
business_automation_workfloweq20.0.0.1
business_automation_workfloweq21.0.3 if11
business_automation_workfloweq21.0.3 if10
business_automation_workfloweq21.0.3 if9
business_automation_workfloweq21.0.3 if8
business_automation_workfloweq21.0.3 if7
business_automation_workfloweq21.0.3 if6
business_automation_workfloweq21.0.3 if5
business_automation_workfloweq21.0.3 if2
business_automation_workfloweq20.0.0.1

Name	Operator	Version
business_automation_workflow	eq	20.0.0.1
business_automation_workflow	eq	21.0.3 if11
business_automation_workflow	eq	21.0.3 if10
business_automation_workflow	eq	21.0.3 if9
business_automation_workflow	eq	21.0.3 if8
business_automation_workflow	eq	21.0.3 if7
business_automation_workflow	eq	21.0.3 if6
business_automation_workflow	eq	21.0.3 if5
business_automation_workflow	eq	21.0.3 if2
business_automation_workflow	eq	20.0.0.1