Описание
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
Одно из
EPSS
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
Уязвимость веб-интерфейса платформ управления рисками на предприятии IBM OpenPages и IBM OpenPages with Watson, позволяющая нарушителю выполнить произвольный HTML-код
EPSS
5.4 Medium
CVSS3