CVE-2018-1657
IBM Publishing Engine versions 2.1.2, 6.0.5, and 6.0.6 are vulnerable to cross-site scripting (CWE) via the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. Remediation provided by IBM bulletin includes upgrading to later ifix p...