CVE-2015-0193Cross-site Scripting in IBM Business Process Manager

CWE-79Cross-site Scripting3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 57.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Business Process ManagerIBM Websphere
Timeline
PublishedMay 30
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

NVDibm/business_process_manager13 versions+12
NVDibm/websphere6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-m6xw-rvm8-jg3h: Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 72022-05-17
CVEList
CVE-2015-0193: Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 72015-05-30
CVE-2015-0193 — Cross-site Scripting in IBM | cvebase