Vulnonym.com

CVE-2015-1906 - Shabby genteel Motors

Description

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2 8.0.x through 8.0.1.3 8.5.0 through 8.5.0.1 8.5.5 through 8.5.5.0 and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21700717 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772 http://www.securitytracker.com/id/1033002