Cross-Site Scripting Vulnerability in IBM Robotic Process Automation
CVE-2018-1908

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
14 March 2019

Summary

IBM Robotic Process Automation with Automation Anywhere 11 contains a vulnerability that allows for the injection of arbitrary JavaScript code into the Web UI. This issue can be exploited by attackers to manipulate the site's behavior, potentially leading to the disclosure of sensitive information such as user credentials within a trusted session. This type of attack highlights the importance of secure coding practices and proper input validation in web applications.

Affected Version(s)

Robotic Process Automation with Automation Anywhere 11

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.