2 matches found
Security Bulletin: IBM WebSphere Lombardi Edition and IBM Business Process Manager (BPM) cross-site scripting vulnerability in error situations (CVE-2014-0957)
Summary When you invoke a service using a URL, user input can be returned in unhandled service failure situations. Vulnerability Details CVE ID: CVE-2014-0957 DESCRIPTION: IBM WebSphere Lombardi Edition and IBM Business Process Manager are vulnerable to cross-site scripting that is caused by the...
CVE-2014-0957
IBM WebSphere Lombardi Edition and IBM Business Process Manager are affected by a cross-site scripting (XSS) flaw due to improper validation of user-supplied input. A remote attacker can exploit this via a crafted URL to trigger an unhandled service failure and potentially access cookie-based cre...