IBM Business Process Manager is vulnerable to persistent cross-site scripting due to insufficient validation of user input retrieved from the database. An authenticated malicious user can inject script in data fields. This script might be executed by other users when displaying this data.
CVEID: CVE-2015-0103 **
DESCRIPTION:** IBM Business Process Manager is vulnerable to persistent cross-site scripting due to insufficient validation of user input retrieved from the database. An authenticated malicious user can inject script in data fields. This script might be executed by other users when displaying this data.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99581> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Install the interim fix for APAR JR50457 as appropriate for your current IBM Business Process Manager.
None