CVE-2018-1951
The CVE applies to IBM Publishing Engine versions 2.1.2, 6.0.5, and 6.0.6, where a cross‑site scripting vulnerability could allow injection of arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. The CVSS v3.0 base score is 5.4 (MEDIUM), wi...