Cross-Site Scripting Vulnerability in IBM Sterling Order Management and Selling Fulfillment Foundation
CVE-2014-0932

Currently unrated

Key Information:

Vendor: IBM
Status: Sterling Order Management; Sterling Selling And Fulfillment Foundation
Vendor: CVE Published:; 21 April 2014

What is CVE-2014-0932?

This vulnerability allows remote authenticated users to exploit IBM Sterling Order Management and Sterling Selling and Fulfillment Foundation systems by injecting arbitrary web scripts or HTML through specially crafted URLs. Such an attack can lead to unauthorized actions or the exposure of sensitive user information, highlighting the importance of securing web applications against XSS threats.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21670912

x_refsource_CONFIRM

http://www.securityfocus.com/bid/66993

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/92264

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2014
Vulnerability Reserved
Jan 6, 2014