2 matches found
Security Bulletin: Multiple Cross-Site scripting vulnerabilities in IBM Business Process Manager dashboards (CVE-2015-4955)
Summary Due to insufficient user input escaping IBM Business Process Manager dashboards are vulnerable to Cross-Site scripting. Vulnerability Details CVEID: CVE-2015-4955 DESCRIPTION: IBM Business Process Manager is vulnerable to reflected cross-site scripting, which is caused by the improper...
CVE-2015-4955
IBM BPM CVE-2015-4955 is an XSS vulnerability affecting IBM BPM versions 8.0.x–8.5.6.0 (CF1 for 8.5.6.0). It stems from insufficient escaping in BPM dashboards, enabling a remote authenticated attacker to inject arbitrary web script via a crafted URL. The IBM bulletin lists a base CVSS v2 score o...