CVE-2015-0156
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-0158
Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-0158
CVE-2015-0158 corresponds to a cross-site scripting (XSS) vulnerability in the IBM BPM Coach NG framework. The root cause is improper validation of user-supplied input, allowing a remote attacker to trigger script execution in a user’s browser via a specially crafted URL. Affected products includ...
CVE-2015-0106
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2015-0105
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-0106
IBM BPM and WebSphere Lombardi Edition are affected by CVE-2015-0106: an XSS flaw from improper validation of user input that can be triggered by a crafted URL, allowing remote script execution in a user’s browser. Affected products/versions include IBM BPM Standard/Express/Advanced 7.5.x, 8.0.x,...
IBM Business Process Manager Coach NG Cross-Site Scripting Vulnerability
IBM Business Process Manager is part of the overall Service Oriented Architecture (SOA), which combines simplicity, ease of use, and task management capabilities while supporting enterprise integration and transaction process management needs. A cross-site scripting vulnerability exists in IBM...
CVE-2015-0105
CVE-2015-0105 is an XSS vulnerability in IBM BPM’s Process Portal affecting BPM Standard/Express/Advanced 8.0.x before 8.0.1.3, 8.5.0 before 8.5.0.1, and 8.5.5 before 8.5.5.0. Root cause: improper validation/filtering of user-supplied input, allowing a crafted URL to execute script in a user’s br...
CVE-2015-0103
Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields...
Multiple Cross-Site Scripting Vulnerabilities in IBM Business Process Manager
IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in Proce...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-01946)
IBM Business Process Manager (BPM) is a comprehensive set of business process management platforms from IBM in the U.S. It provides a range of tools related to business process modeling, assembly, monitoring, and deployment. WebSphere Lombardi Edition (WLE) is the predecessor of the BPM product. A...
IBM Business Process Manager Search REST API Access Bypass Vulnerability
IBM Business Process Manager is a comprehensive BPM platform that integrates WebSphere Lombardi, the industry's leading human-centric business process management platform, and WPS, a business process management platform centered on SOA integration. A security vulnerability exists in IBM BPM's...
CVE-2014-6139
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter...