IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226.
[
{
"product": "API Connect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.0.1.0"
},
{
"status": "affected",
"version": "5.0.0.0"
},
{
"status": "affected",
"version": "5.0.0.1"
},
{
"status": "affected",
"version": "5.0.2.0"
},
{
"status": "affected",
"version": "5.0.5.0"
},
{
"status": "affected",
"version": "5.0.6.0"
},
{
"status": "affected",
"version": "5.0.6.1"
},
{
"status": "affected",
"version": "5.0.6.2"
},
{
"status": "affected",
"version": "5.0.7.0"
},
{
"status": "affected",
"version": "5.0.7.1"
},
{
"status": "affected",
"version": "5.0.3.0"
},
{
"status": "affected",
"version": "5.0.4.0"
},
{
"status": "affected",
"version": "5.0.7.2"
},
{
"status": "affected",
"version": "5.0.6.3"
},
{
"status": "affected",
"version": "5.0.6.4"
},
{
"status": "affected",
"version": "5.0.8.0"
},
{
"status": "affected",
"version": "5.0.8.1"
},
{
"status": "affected",
"version": "5.0.6.5"
},
{
"status": "affected",
"version": "5.0.8.2"
}
]
}
]