exploitDog

GHSA-g6mm-82rq-qf9m

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Ссылки

EPSS

Процентиль: 45%

0.00227

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2015-1906

nvd

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

BDU:2015-11024

fstec

больше 10 лет назад

Уязвимость системы автоматизации деятельности предприятия Business Process Manager, позволяющая нарушителю внедрить произвольный веб или HTML-код

EPSS

Процентиль: 45%

0.00227

Низкий

CVE ID

Дефекты

CWE-79