Security Bulletin: The IBM® Engineering Lifecycle Management is vulnerable to cross-site scripting

Summary A cross-site scripting vulnerability has been identified on the URL "/jts/auth/authrequired". The web-url does not properly sanitise and escape xss payload before out-putting a 'layout' parameter that users supply to the response body leading to a Cross Site Scripting attack. This bulleti...

Security Bulletin: IBM Jazz Reporting Services is vulnerable to a to cross-site scripting (CVE-2020-4051)

Summary Cross-site scripting has been identified in dojo library shipped with IBM Jazz Reporting Services JRS. JRS has addressed the issues by releasing a fix Vulnerability Details CVEID:CVE-2020-4051 DESCRIPTION: Dijit is vulnerable to cross-site scripting, caused by improper validation of...