Cross-site Scripting Vulnerability in IBM Sterling Selling and Fulfillment Suite
CVE-2015-1911

Currently unrated

Key Information:

Vendor: IBM
Status: Sterling Order Management; Sterling Selling And Fulfillment Foundation; Sterling Field Sales
Vendor: CVE Published:; 25 May 2015

Summary

A Cross-site Scripting (XSS) vulnerability exists in IBM Sterling Selling and Fulfillment Suite, specifically affecting Sterling Order Management 8.5, Sterling Selling and Fulfillment Foundation 9.0.0, and Sterling Field Sales (SFS) 9.0. The flaw allows remote attackers to inject arbitrary web scripts or HTML via crafted URLs, which could potentially lead to unauthorized actions and exposure of sensitive information.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21700864

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74224

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 25, 2015
Vulnerability Reserved
Feb 19, 2015