CVE-2024-28761
published 2024-05-14CVE-2024-28761: IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | app_connect_enterprise | >= 11.0.0.1 < 11.0.0.26 | 11.0.0.26 |
| ibm | app_connect_enterprise | 11.0.0.1 – 11.0.0.25 | — |
| ibm | app_connect_enterprise | >= 12.0.1.0 < 12.0.12.1 | 12.0.12.1 |
| ibm | app_connect_enterprise | 12.0.1.0 – 12.0.12.0 | — |