Cross-Site Scripting Vulnerability in IBM Emptoris Services Procurement
CVE-2017-1443
Summary
IBM Emptoris Services Procurement version 10.0.0.5 is susceptible to a cross-site scripting vulnerability, which enables attackers to inject and execute arbitrary JavaScript code through the web interface. This exploitation can lead to unauthorized manipulation of content and the potential disclosure of sensitive credentials within an authenticated session. Users accessing the web application can be misled into executing malicious scripts, thereby compromising their accounts and exposing sensitive information. It is imperative for users of this product to implement security best practices and update to a patched version to mitigate the risk associated with this vulnerability.
Affected Version(s)
Emptoris Services Procurement 10.0.0.5
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved