Multiple Cross-Site Scripting Vulnerabilities in IBM Maximo Asset Management

CVE-2014-0915

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in IBM Maximo Asset Management, allowing remote authenticated users to inject arbitrary web scripts or HTML through certain fields, such as KPI display name and portlet fields. This flaw can lead to malicious content execution in the context of the affected user’s session, potentially compromising sensitive data and system integrity.

References