Cross-Site Scripting Vulnerability in IBM Robotic Process Automation
CVE-2018-1908
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 14 March 2019
Summary
IBM Robotic Process Automation with Automation Anywhere 11 contains a vulnerability that allows for the injection of arbitrary JavaScript code into the Web UI. This issue can be exploited by attackers to manipulate the site's behavior, potentially leading to the disclosure of sensitive information such as user credentials within a trusted session. This type of attack highlights the importance of secure coding practices and proper input validation in web applications.
Affected Version(s)
Robotic Process Automation with Automation Anywhere 11
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved