IBM Daeja ViewONE Virtual is vulnerable to Persistent Cross-site Scripting attack
CVEID: CVE-2018-1399**
DESCRIPTION:** IBM Daeja ViewONE Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138435 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
IBM Daeja ViewONE Virtual 4.1.5, IBM Deaja ViewONE Virtual 5.0.1, 5.0.2 and 5.0.3
Apply IBM Daeja ViewONE 5.0.3 IFix003 to version 5.0.1, 5.0.2 and 5.0.3 installations.
Apply IBM Daeja ViewONE 4.1.5.2 IFix001 to version 4.1.5.2 installations.
Apply IBM Daeja ViewONE 4.1.5.1 IFix027 to version 4.1.5.1 installations.
None